Infected with worm32, adwares etc. pls help!


Infected with worm32, adwares etc. pls help!

Post by Jourdana on 30th January 2010, 3:38 pm

Hi,

I have been trying to remove all these worms and adwares using different anti-virus and anti-spyware programs, but I am not sure if my PC is still infected. I would appreciate it very much if you can help me on this. Thanking the GeekPolice in advance. Here's my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:40 PM, on 1/30/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Chikka Messenger\Chikka v.4\ChikkaLauncher.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\PSI\psi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Adobe9.3\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca06271e01a3b8) (gupdate1ca06271e01a3b8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10744 bytes


Re: Infected with worm32, adwares etc. pls help!

Post by Belahzur on 30th January 2010, 4:55 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Infected with worm32, adwares etc. pls help!

Post by Jourdana on 31st January 2010, 4:51 am

Hi Belahzur,

Thank you very much for your quick reply. I really appreciate it :). Please find below my MBAM log.

Malwarebytes' Anti-Malware 1.44
Database version: 3664
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

1/31/2010 6:28:44 AM
mbam-log-2010-01-31 (06-28-44).txt

Scan type: Full Scan (C:\|E:\|G:\|)
Objects scanned: 363472
Time elapsed: 1 hour(s), 36 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Infected with worm32, adwares etc. pls help!

Post by Belahzur on 31st January 2010, 8:06 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Infected with worm32, adwares etc. pls help!

Post by Jourdana on 31st January 2010, 11:44 pm

Hi,

Just a quick question. Do I have to turn off my antivirus when I run this? Thanks :)


Re: Infected with worm32, adwares etc. pls help!

Post by Jourdana on 1st February 2010, 12:19 am

OTL logfile created on: 2/1/2010 3:03:05 AM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\toshiba\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.96 Gb Total Space | 22.02 Gb Free Space | 29.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 72.62 Gb Total Space | 37.71 Gb Free Space | 51.93% Space Free | Partition Type: NTFS
Drive F: | 2.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 232.83 Gb Total Space | 167.79 Gb Free Space | 72.07% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-PC
Current User Name: toshiba
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/01 02:40:52 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\toshiba\Desktop\OTL.exe
PRC - [2010/01/23 03:28:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/11/16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/10/11 00:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/21 17:36:28 | 001,045,904 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproTray.exe
PRC - [2009/04/21 17:36:06 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
PRC - [2009/04/11 09:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 09:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 16:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/12/12 14:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/07 17:28:16 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/01/21 05:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/17 02:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/08/28 20:11:36 | 000,036,864 | ---- | M] () -- C:\Program Files\Chikka Messenger\Chikka v.4\ChikkaLauncher.exe
PRC - [2007/02/12 11:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/02/01 02:40:52 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\toshiba\Desktop\OTL.exe
MOD - [2009/04/11 09:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/20 12:20:36 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/12/15 20:18:36 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/11/16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/09/25 04:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/16 18:07:01 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca06271e01a3b8) Google Update Service (gupdate1ca06271e01a3b8)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/21 17:36:06 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2008/12/12 14:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/07 17:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/01/21 05:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 05:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 05:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/17 02:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/03/12 03:35:02 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/12 11:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/11/08 16:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/02 15:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/08 08:13:12 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/18 15:02:26 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/12/18 15:02:26 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/11/16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/06/17 15:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/06/10 05:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/06/01 06:58:52 | 000,009,728 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/11 07:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/11/04 09:45:46 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2008/11/04 09:45:46 | 000,108,200 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2008/11/04 09:45:46 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008/11/04 09:45:44 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008/11/04 09:45:44 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008/11/04 09:45:44 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2008/11/04 09:45:44 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/10/01 16:01:28 | 000,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/07/18 21:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/06/20 07:37:06 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/06/12 13:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/04/15 20:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/15 05:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/04/04 13:57:00 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/03/25 15:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008/03/25 10:41:30 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/03/25 10:39:20 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/03/25 10:38:32 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/03/19 13:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/03/04 20:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/02/13 03:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/01/22 22:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008/01/21 05:24:49 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/01/21 05:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 05:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 05:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 05:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 05:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 05:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 05:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 05:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 05:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 05:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 05:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 05:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 05:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 05:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 05:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 05:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 05:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 05:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 05:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 05:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 05:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 05:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 05:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 05:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 05:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/17 14:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/29 19:58:56 | 000,196,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/29 11:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/18 16:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/10/17 02:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/02 13:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/23 13:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007/04/09 18:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006/11/02 12:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 12:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 12:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 12:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 12:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 12:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 12:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 12:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 12:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 12:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 12:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 11:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 11:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 11:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 11:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 11:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 10:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 10:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 09:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/06/18 01:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/04/13 04:04:39 | 000,049,664 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/13 04:04:39 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/13 04:04:39 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/01/07 07:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 C4 85 83 9C 9A CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.6.0.10
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.42
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/23 03:28:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/30 18:19:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/29 15:36:04 | 000,000,000 | ---D | M]

[2009/05/08 18:36:03 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\Mozilla\Extensions
[2010/02/01 02:22:57 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\cl8e7ish.default\extensions
[2009/08/08 18:43:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\cl8e7ish.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/31 02:53:36 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\cl8e7ish.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/01/23 08:27:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\cl8e7ish.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/08/21 11:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\cl8e7ish.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/01/23 03:29:00 | 000,000,000 | ---D | M] -- C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\cl8e7ish.default\extensions\autopager@mozilla.org
[2010/01/22 16:45:03 | 000,002,171 | ---- | M] () -- C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\cl8e7ish.default\searchplugins\bing.xml
[2009/08/21 11:04:26 | 000,005,407 | ---- | M] () -- C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\cl8e7ish.default\searchplugins\fast-browser-search.xml
[2010/01/31 14:17:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

Jourdana
Novice

Posts: 13
Joined: 2010-01-30
Gender: Female
OS: Windows Vista
Points: 25243
Likes: 0


Re: Infected with worm32, adwares etc. pls help!

Post by Jourdana on 1st February 2010, 12:25 am

O1 HOSTS File: ([2006/09/19 00:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\Adobe9.3\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] E:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [ChikkaDefault] C:\Program Files\Chikka Messenger\Chikka v.4\ChikkaLauncher.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: E:\Pictures\IMG000044.jpg
O24 - Desktop BackupWallPaper: E:\Pictures\IMG000044.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 00:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/15 21:34:02 | 000,000,061 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{412a8faa-fd3c-11dd-8241-002163a2f07b}\Shell\AutoRun\command - "" = dhrhyje.bat
O33 - MountPoints2\{412a8faa-fd3c-11dd-8241-002163a2f07b}\Shell\open\Command - "" = dhrhyje.bat
O33 - MountPoints2\{466e6033-25aa-11de-babc-00238b39c186}\Shell\AutoRun\command - "" = k36fevhw.cmd
O33 - MountPoints2\{466e6033-25aa-11de-babc-00238b39c186}\Shell\explore\Command - "" = k36fevhw.cmd
O33 - MountPoints2\{466e6033-25aa-11de-babc-00238b39c186}\Shell\open\Command - "" = k36fevhw.cmd
O33 - MountPoints2\{466e603b-25aa-11de-babc-00238b39c186}\Shell\AutoRun\command - "" = nq0cq.cmd
O33 - MountPoints2\{466e603b-25aa-11de-babc-00238b39c186}\Shell\explore\Command - "" = nq0cq.cmd
O33 - MountPoints2\{466e603b-25aa-11de-babc-00238b39c186}\Shell\open\Command - "" = nq0cq.cmd
O33 - MountPoints2\{4761a931-50d5-11de-8476-00037a9b165b}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{4df742b4-f613-11dd-935a-00238b39c186}\Shell - "" = AutoRun
O33 - MountPoints2\{4df742b4-f613-11dd-935a-00238b39c186}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{77a99170-e322-11de-a907-00037a9b165b}\Shell\AutoRun\command - "" = D:\dhrhyje.bat -- File not found
O33 - MountPoints2\{77a99170-e322-11de-a907-00037a9b165b}\Shell\open\Command - "" = D:\dhrhyje.bat -- File not found
O33 - MountPoints2\{80d645d6-4417-11de-820c-00238b39c186}\Shell\AutoRun\command - "" = D:\uhoxajc.cmd -- File not found
O33 - MountPoints2\{80d645d6-4417-11de-820c-00238b39c186}\Shell\open\Command - "" = D:\uhoxajc.cmd -- File not found
O33 - MountPoints2\{d7c707e0-3520-11de-825a-00238b39c186}\Shell\AutoRun\command - "" = i.cmd
O33 - MountPoints2\{d7c707e0-3520-11de-825a-00238b39c186}\Shell\open\Command - "" = i.cmd
O33 - MountPoints2\G\Shell\AutoRun\command - "" = dhrhyje.bat
O33 - MountPoints2\G\Shell\open\Command - "" = dhrhyje.bat
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/01 02:40:32 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\toshiba\Desktop\OTL.exe
[2010/01/31 14:17:14 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/01/31 14:17:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/01/31 14:17:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/01/31 03:10:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/31 03:10:09 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/30 20:14:18 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Local\Seven Zip
[2010/01/30 18:28:00 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/01/30 08:26:25 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Local\VS Revo Group
[2010/01/30 08:26:17 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2010/01/29 19:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/29 19:30:15 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/29 19:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/29 15:37:30 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Roaming\ESET
[2010/01/29 15:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/01/29 09:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/01/29 09:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/01/29 09:36:16 | 003,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Users\toshiba\Desktop\spywareblastersetup42.exe
[2010/01/29 06:49:26 | 027,386,256 | ---- | C] ( ) -- C:\Users\toshiba\Desktop\AdbeRdr930_en_US.exe
[2010/01/28 18:48:41 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Local\MigWiz
[2010/01/28 17:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/01/28 08:28:01 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Roaming\WinPatrol
[2010/01/28 08:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/01/28 08:26:29 | 000,999,160 | ---- | C] (BillP Studios) -- C:\Users\toshiba\Desktop\winpatrolsetup.exe
[2010/01/28 06:38:14 | 000,000,000 | ---D | C] -- C:\Users\toshiba\Desktop\PROGRAMS
[2010/01/28 06:32:31 | 000,000,000 | ---D | C] -- C:\Users\toshiba\Desktop\CJ
[2010/01/28 06:31:13 | 000,000,000 | ---D | C] -- C:\Users\toshiba\Desktop\SCANRESULTS
[2010/01/27 15:06:13 | 000,000,000 | ---D | C] -- C:\Users\toshiba\Desktop\Azel
[2010/01/27 15:05:19 | 000,000,000 | ---D | C] -- C:\Users\toshiba\Desktop\DDS
[2010/01/27 03:34:37 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Roaming\BitDefender
[2010/01/27 03:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010/01/27 03:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/01/26 12:44:47 | 013,944,160 | ---- | C] (Microsoft Corporation) -- C:\Users\toshiba\Desktop\IE8-WindowsVista-x86-ENU.exe
[2010/01/25 21:10:43 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Roaming\Uniblue
[2010/01/25 20:06:20 | 000,670,072 | ---- | C] (Sysinternals - [You must be registered and logged in to see this link.] -- C:\Users\toshiba\Desktop\autoruns.exe
[2010/01/24 11:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/24 08:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/23 20:46:19 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/01/23 18:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010/01/23 17:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/01/22 22:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/01/22 21:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/01/22 21:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/22 19:18:45 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Roaming\Malwarebytes
[2010/01/22 19:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/22 04:54:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/22 04:54:31 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/22 04:54:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/22 04:54:31 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/22 04:54:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/22 04:54:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/22 04:54:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/22 04:54:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/22 04:54:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/22 04:54:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/22 04:54:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/22 04:54:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/22 04:54:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/22 04:54:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/16 17:01:06 | 000,000,000 | R-SD | C] -- C:\Users\toshiba\Documents\My Stationery
[2010/01/14 03:26:04 | 000,000,000 | ---D | C] -- C:\Users\toshiba\Tracing
[2010/01/14 03:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/01/14 03:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/01/14 03:21:54 | 000,054,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010/01/14 03:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/01/14 03:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/01/14 03:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/01/14 03:17:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/01/14 03:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/01/14 03:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/01/13 18:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/01/13 18:35:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/01/13 14:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/01/13 14:13:18 | 000,000,000 | -HSD | C] -- C:\Users\toshiba\Documents\%APPDATA%
[2010/01/13 14:13:18 | 000,000,000 | ---D | C] -- C:\Users\toshiba\Documents\_hiddenPbk
[2010/01/13 14:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\ghostscript
[2010/01/13 06:22:31 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 06:22:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/08 08:13:12 | 000,033,096 | ---- | C] (ESET) -- C:\Windows\System32\drivers\epfwndis.sys
[2010/01/07 19:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010/01/07 16:48:51 | 000,000,000 | ---D | C] -- C:\Users\toshiba\Documents\Adobe
[2010/01/05 08:39:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/01/05 08:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/02 07:30:03 | 000,000,000 | ---D | C] -- C:\Users\toshiba\AppData\Local\PSPatchator
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/01 03:05:25 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D0256E33-364E-483C-9A4B-D004275A6365}.job
[2010/02/01 03:02:53 | 005,505,024 | -HS- | M] () -- C:\Users\toshiba\ntuser.dat
[2010/02/01 03:00:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1767612472-3748800986-3064159603-1000UA.job
[2010/02/01 02:40:52 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\toshiba\Desktop\OTL.exe
[2010/02/01 02:31:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/01 01:54:20 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/01 01:54:09 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/01 01:54:08 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/01 01:53:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/01 01:53:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/01 01:53:50 | 3079,524,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/31 18:08:07 | 000,065,536 | -HS- | M] () -- C:\Users\toshiba\ntuser.dat{26d5c84c-3979-11de-ad3c-00238b39c186}.TM.blf
[2010/01/31 18:08:06 | 000,524,288 | -HS- | M] () -- C:\Users\toshiba\ntuser.dat{26d5c84c-3979-11de-ad3c-00238b39c186}.TMContainer00000000000000000001.regtrans-ms
[2010/01/31 18:08:02 | 002,880,416 | -H-- | M] () -- C:\Users\toshiba\AppData\Local\IconCache.db
[2010/01/31 18:00:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1767612472-3748800986-3064159603-1000Core.job
[2010/01/31 14:06:38 | 000,000,685 | ---- | M] () -- C:\Users\toshiba\Desktop\jre6 - Shortcut.lnk
[2010/01/31 03:10:19 | 000,000,514 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/30 18:28:03 | 000,000,309 | ---- | M] () -- C:\Users\toshiba\Desktop\HijackThis.lnk
[2010/01/30 18:28:00 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/01/30 18:19:11 | 000,001,495 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/30 17:10:15 | 000,000,726 | ---- | M] () -- C:\Users\toshiba\Desktop\jre1.6.0_02 - Shortcut.lnk
[2010/01/30 17:10:07 | 000,000,726 | ---- | M] () -- C:\Users\toshiba\Desktop\jre1.6.0_06 - Shortcut.lnk
[2010/01/30 08:26:18 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/01/29 19:30:20 | 000,000,907 | ---- | M] () -- C:\Users\toshiba\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/29 19:27:11 | 007,520,288 | ---- | M] () -- C:\Users\toshiba\Desktop\SUPERAntiSpyware.exe
[2010/01/29 15:14:39 | 000,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin
[2010/01/29 14:52:16 | 000,013,838 | ---- | M] () -- C:\Users\toshiba\Desktop\LISTOFVIRUSES.docx
[2010/01/29 14:15:40 | 038,881,280 | ---- | M] () -- C:\Users\toshiba\Desktop\ess_nt32_enuESET.msi
[2010/01/29 11:49:59 | 000,010,272 | ---- | M] () -- C:\Users\toshiba\Desktop\processlistwithdlljan29
[2010/01/29 11:48:40 | 000,003,190 | ---- | M] () -- C:\Users\toshiba\Desktop\hijackthisprocesslistjan29
[2010/01/29 09:37:25 | 000,000,817 | ---- | M] () -- C:\Users\toshiba\Desktop\SpywareBlaster.lnk
[2010/01/29 09:36:43 | 003,012,768 | ---- | M] (Javacool Software LLC ) -- C:\Users\toshiba\Desktop\spywareblastersetup42.exe
[2010/01/29 09:35:49 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/01/29 09:19:19 | 000,048,031 | ---- | M] () -- C:\Users\toshiba\Documents\geekstogoguide.docx
[2010/01/29 06:53:56 | 027,386,256 | ---- | M] ( ) -- C:\Users\toshiba\Desktop\AdbeRdr930_en_US.exe
[2010/01/29 05:00:30 | 000,051,344 | ---- | M] () -- C:\Users\toshiba\Desktop\mouse.jpg
[2010/01/28 08:27:07 | 000,999,160 | ---- | M] (BillP Studios) -- C:\Users\toshiba\Desktop\winpatrolsetup.exe
[2010/01/28 07:06:20 | 000,001,729 | ---- | M] () -- C:\Users\toshiba\Desktop\Mozilla Firefox.lnk
[2010/01/28 07:06:20 | 000,001,723 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/28 03:57:47 | 000,006,648 | ---- | M] () -- C:\Users\toshiba\AppData\Local\d3d9caps.dat
[2010/01/27 11:49:13 | 000,028,932 | ---- | M] () -- C:\Users\toshiba\Documents\cc_20100127_114652registrybackup.reg
[2010/01/26 14:03:32 | 000,000,000 | ---- | M] () -- C:\Users\toshiba\Desktop\settings.dat
[2010/01/26 12:47:15 | 013,944,160 | ---- | M] (Microsoft Corporation) -- C:\Users\toshiba\Desktop\IE8-WindowsVista-x86-ENU.exe
[2010/01/26 03:46:47 | 000,049,496 | ---- | M] () -- C:\Users\toshiba\Documents\rina.jpg
[2010/01/25 21:10:42 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/01/25 21:05:07 | 007,168,961 | ---- | M] () -- C:\Users\toshiba\Desktop\AutoRuns01262010.arn
[2010/01/25 20:06:21 | 000,670,072 | ---- | M] (Sysinternals - [You must be registered and logged in to see this link.] -- C:\Users\toshiba\Desktop\autoruns.exe
[2010/01/22 21:18:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/01/20 13:42:49 | 000,634,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/20 13:42:48 | 000,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/20 13:42:48 | 000,117,244 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/14 03:18:36 | 000,000,766 | ---- | M] () -- C:\Users\toshiba\Documents\My Sharing Folders.lnk
[2010/01/10 16:46:19 | 000,000,030 | ---- | M] () -- C:\Users\toshiba\Documents\MSO2057.acl
[2010/01/10 16:26:24 | 000,000,162 | -H-- | M] () -- C:\Users\toshiba\Desktop\~$e Four Management Functionsfcd.docx
[2010/01/10 15:39:57 | 000,102,912 | ---- | M] () -- C:\Users\toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/08 08:13:12 | 000,033,096 | ---- | M] (ESET) -- C:\Windows\System32\drivers\epfwndis.sys
[2010/01/07 19:44:57 | 000,001,648 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/02 09:33:32 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/02 09:33:32 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/02 09:32:51 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/02 09:32:46 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/02 09:32:33 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/02 09:32:33 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/02 09:32:33 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/02 09:32:32 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/02 09:32:32 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/02 09:32:26 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/02 07:57:00 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/02 07:56:50 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/02 07:56:14 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/02 07:55:54 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/31 14:06:38 | 000,000,685 | ---- | C] () -- C:\Users\toshiba\Desktop\jre6 - Shortcut.lnk
[2010/01/31 03:10:19 | 000,000,514 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/30 18:27:15 | 000,000,309 | ---- | C] () -- C:\Users\toshiba\Desktop\HijackThis.lnk
[2010/01/30 18:19:11 | 000,001,495 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/30 17:10:15 | 000,000,726 | ---- | C] () -- C:\Users\toshiba\Desktop\jre1.6.0_02 - Shortcut.lnk
[2010/01/30 17:10:07 | 000,000,726 | ---- | C] () -- C:\Users\toshiba\Desktop\jre1.6.0_06 - Shortcut.lnk
[2010/01/30 08:26:18 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/01/29 19:30:20 | 000,000,907 | ---- | C] () -- C:\Users\toshiba\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/29 19:26:05 | 007,520,288 | ---- | C] () -- C:\Users\toshiba\Desktop\SUPERAntiSpyware.exe
[2010/01/29 14:52:13 | 000,013,838 | ---- | C] () -- C:\Users\toshiba\Desktop\LISTOFVIRUSES.docx
[2010/01/29 14:08:40 | 038,881,280 | ---- | C] () -- C:\Users\toshiba\Desktop\ess_nt32_enuESET.msi
[2010/01/29 11:49:52 | 000,010,272 | ---- | C] () -- C:\Users\toshiba\Desktop\processlistwithdlljan29
[2010/01/29 11:48:39 | 000,003,190 | ---- | C] () -- C:\Users\toshiba\Desktop\hijackthisprocesslistjan29
[2010/01/29 09:37:25 | 000,000,817 | ---- | C] () -- C:\Users\toshiba\Desktop\SpywareBlaster.lnk
[2010/01/29 09:19:17 | 000,048,031 | ---- | C] () -- C:\Users\toshiba\Documents\geekstogoguide.docx
[2010/01/29 05:00:20 | 000,051,344 | ---- | C] () -- C:\Users\toshiba\Desktop\mouse.jpg
[2010/01/28 07:06:20 | 000,001,729 | ---- | C] () -- C:\Users\toshiba\Desktop\Mozilla Firefox.lnk
[2010/01/27 11:47:04 | 000,028,932 | ---- | C] () -- C:\Users\toshiba\Documents\cc_20100127_114652registrybackup.reg
[2010/01/27 08:44:10 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2010/01/27 03:45:46 | 000,049,496 | ---- | C] () -- C:\Users\toshiba\Documents\rina.jpg
[2010/01/27 02:13:20 | 3079,524,352 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/26 14:03:32 | 000,000,000 | ---- | C] () -- C:\Users\toshiba\Desktop\settings.dat
[2010/01/25 21:10:42 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/01/25 21:05:05 | 007,168,961 | ---- | C] () -- C:\Users\toshiba\Desktop\AutoRuns01262010.arn
[2010/01/10 16:46:19 | 000,000,030 | ---- | C] () -- C:\Users\toshiba\Documents\MSO2057.acl
[2010/01/10 16:26:24 | 000,000,162 | -H-- | C] () -- C:\Users\toshiba\Desktop\~$e Four Management Functionsfcd.docx
[2010/01/07 19:44:57 | 000,001,648 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2009/09/24 12:33:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/14 10:33:40 | 000,006,648 | ---- | C] () -- C:\Users\toshiba\AppData\Local\d3d9caps.dat
[2009/06/04 11:55:35 | 000,000,753 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/05/19 17:14:07 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
[2009/03/21 19:16:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/09 22:56:32 | 000,102,912 | ---- | C] () -- C:\Users\toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/08 22:09:44 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/08/05 13:44:14 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/05 13:15:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/05 13:15:08 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/05 13:15:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/05 13:15:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/05 13:15:08 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/05 13:15:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/05 12:57:46 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/08/05 12:57:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/08/05 12:57:46 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/08/05 12:57:46 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/08/05 12:55:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/08/05 12:52:46 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/08/05 12:52:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/04/24 21:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 21:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 21:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 21:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 21:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 21:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 18:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 15:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

Jourdana
Novice

Posts: 13
Joined: 2010-01-30
Gender: Female
OS: Windows Vista
Points: 25243
# Likes: 0


Re: Infected with worm32, adwares etc. pls help!

Post by Jourdana on 1st February 2010, 12:26 am

OTL Extras logfile created on: 2/1/2010 3:03:05 AM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\toshiba\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.96 Gb Total Space | 22.02 Gb Free Space | 29.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 72.62 Gb Total Space | 37.71 Gb Free Space | 51.93% Space Free | Partition Type: NTFS
Drive F: | 2.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 232.83 Gb Total Space | 167.79 Gb Free Space | 72.07% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-PC
Current User Name: toshiba
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1767612472-3748800986-3064159603-1000]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{255E25CF-E14A-48DC-A423-516FF7115047}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{366CA0D4-F917-4C0A-A865-E21589B42AD9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{36B373F3-B89C-427F-8B4B-8CB16AC02835}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36E1299A-57CA-413A-AA82-A666375FE915}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{479A3F5E-D97E-4A9E-BBE2-BCFC2F0078AB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{53F06A3A-7CC8-44E1-9FAF-D23A1C4F0FA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70CA46D9-ABE5-4663-807C-2D66455008B1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7EBF4BE4-1530-46C1-A6E2-C5146317E596}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B7092564-7EC1-408A-B2A8-0678CBDB9ED5}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BF344A93-1545-4A25-B678-9737DAABFD0B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=c:\windows\system32\svchost.exe |
"{BFED92DD-66F5-4891-951E-C85146B56135}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D9B80F1C-DD65-4322-85F0-972AC061ABE9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EC548638-C8EF-4E2C-AF8E-36EF9DD53BD6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EE764FE2-F5B1-42E9-A4C4-973680ECC81F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA21BF56-AAA9-45A5-AA3D-7B7AE321D09B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1373725E-C73D-4371-9E3A-55944098872B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{264F8DA0-6944-45BA-8D1C-42FE6396AE6D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A2AC575-C82A-41B2-9F76-26F041EBCC1E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{342CFB1A-C142-4664-A69D-80555A47E169}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4D54F192-1624-458C-9217-C1097D25CCBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EECDF48-002C-4C6F-AAFA-ADB75D1A5D8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{506B4177-8D03-4870-B091-D8DDA80987F1}" = protocol=17 | dir=in | app=e:\sony media manager\mediamanager.exe |
"{54D23EF1-B218-4F45-B722-2EAEA1BDAD23}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C5499AB-6D9F-4FA7-A15C-528A8F9F892A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{69D786BD-9D72-46B5-B015-BF37AF84C990}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DA7089A-9036-4C32-81E7-37CBE6C8C8C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8080F77E-E631-4E9C-AB54-A6F74231EDDD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8091323B-E2E0-4B05-BFBF-F758F41DA7B2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{812EC0BD-C0F5-4D6F-BB01-C0449707D4A0}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8C62068B-4C7C-4687-A086-8E53E99FFD66}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DB724EF-E598-4B25-BED9-AA6B83EC40D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DD894D7-E064-4622-9E69-6BB85A6019E9}" = protocol=6 | dir=in | app=e:\sony media manager\mediamanager.exe |
"{8F1134C6-7448-4FA1-9EC4-16DA3D9E4FC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{902F8007-3C32-41B3-B2CC-32C9F6AB4661}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B24C4C84-6CAD-4DB2-9C7D-85ACBF8FDEE0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B38ED1F7-EF15-44CF-8D73-F5F672A1EE4A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA3F1DE4-7163-48B9-ADBA-99BDAEB72B12}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D23A8F2D-08C1-49DD-A082-9E83F859F6E7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D7764A0E-B45B-4463-BD8B-1CBC6FF9995A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC22FA8E-135A-48F4-8A03-DD8E7EBE5341}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DFEAB613-0597-4621-BFB2-2BEF1BDEA2F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB5FC3BD-2D74-49A7-8652-F17C8D5D576D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EB6C3E91-B5FC-4D38-A477-CA147BD1182A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EBE65768-6C16-4727-9503-23DD43451450}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F1856F22-A65F-43AF-8777-6C940FA31B4F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{FE747792-3702-4339-ACF8-CB552DE8D37D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{BC7DC7D0-10A5-4204-8BE0-DBE6705DA765}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{156E98D0-1AEC-4013-A41A-94A1A01BFD68}" = O2Micro Flash Memory Card Reader Driver (x86)
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 18
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.0.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C30283C-8DC7-4FBB-805E-52BEA5F580E8}" = Toshiba TEMPRO
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}" = WhiteSmoke
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE09FBC2-74BF-42A5-8FFF-12E784BAA42C}" = ESET Smart Security
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"Chikka Messenger V4" = Chikka Messenger V4
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"mpegable Player" = mpegable Player
"myphotobook" = myphotobook 3.5
"Picasa2" = Picasa 2
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.85
"Secunia PSI" = Secunia PSI
"Software Informer_is1" = Software Informer 1.0 BETA
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2010 12:26:12 AM | Computer Name = toshiba-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/28/2010 5:14:01 AM | Computer Name = toshiba-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/28/2010 5:37:37 AM | Computer Name = toshiba-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module GoogleDesktopCommon.dll, version 5.9.911.3589, time
stamp 0x4af0fa68, exception code 0xc0000005, fault offset 0x00001a87, process id
0x4c0, application start time 0x01ca9ffd860be867.

Error - 1/28/2010 5:38:41 AM | Computer Name = toshiba-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18882 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 15b4 Start Time: 01ca9ffd91439ca7 Termination Time: 12

Error - 1/28/2010 6:03:06 AM | Computer Name = toshiba-PC | Source = Application Error | ID = 1000
Description = Faulting application WinPatrolEx.exe, version 17.0.2010.0, time stamp
0x4acf6d3a, faulting module WinPatrolEx.exe, version 17.0.2010.0, time stamp 0x4acf6d3a,
exception code 0xc0000409, fault offset 0x0000ecee, process id 0x118c, application
start time 0x01caa000050f3fc7.

Error - 1/28/2010 10:15:56 AM | Computer Name = toshiba-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/28/2010 12:56:57 PM | Computer Name = toshiba-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18882 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 101c Start Time: 01caa03ad5535cde Termination Time: 18

Error - 1/28/2010 8:51:49 PM | Computer Name = toshiba-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/28/2010 11:55:15 PM | Computer Name = toshiba-PC | Source = iNOSSO(R) | ID = 0
Description =

Error - 1/28/2010 11:56:05 PM | Computer Name = toshiba-PC | Source = MsiInstaller | ID = 11316
Description =

[ Media Center Events ]
Error - 3/12/2009 4:06:17 AM | Computer Name = toshiba-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/15/2009 3:30:29 PM | Computer Name = toshiba-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/8/2009 10:42:10 AM | Computer Name = toshiba-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2009 10:42:15 AM | Computer Name = toshiba-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/27/2009 3:24:31 PM | Computer Name = toshiba-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 6/4/2009 8:44:35 AM | Computer Name = toshiba-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10880
seconds with 180 seconds of active time. This session ended with a crash.

Error - 8/10/2009 1:52:51 PM | Computer Name = toshiba-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5052
seconds with 720 seconds of active time. This session ended with a crash.

Error - 10/29/2009 8:11:59 PM | Computer Name = toshiba-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 732 seconds with 480 seconds of active time. This session ended with a crash.

Error - 1/10/2010 8:43:49 AM | Computer Name = toshiba-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/23/2010 9:04:25 AM | Computer Name = toshiba-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3099
seconds with 1440 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/31/2010 5:51:36 AM | Computer Name = toshiba-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did
not allow the name to be claimed by this computer.

Error - 1/31/2010 5:56:46 AM | Computer Name = toshiba-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did
not allow the name to be claimed by this computer.

Error - 1/31/2010 6:01:56 AM | Computer Name = toshiba-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did
not allow the name to be claimed by this computer.

Error - 1/31/2010 6:07:06 AM | Computer Name = toshiba-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did
not allow the name to be claimed by this computer.

Error - 1/31/2010 6:12:16 AM | Computer Name = toshiba-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did
not allow the name to be claimed by this computer.

Error - 1/31/2010 6:17:26 AM | Computer Name = toshiba-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did
not allow the name to be claimed by this computer.

Error - 1/31/2010 6:22:36 AM | Computer Name = toshiba-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did
not allow the name to be claimed by this computer.

Error - 1/31/2010 6:27:46 AM | Computer Name = toshiba-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did
not allow the name to be claimed by this computer.

Error - 1/31/2010 6:53:59 PM | Computer Name = toshiba-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 002163A2F07B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/31/2010 7:11:08 PM | Computer Name = toshiba-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 002163A2F07B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

Jourdana
Novice

Posts : 13
Joined : 2010-01-30
Gender : Female
OS : Windows Vista
Points : 25243
# Likes : 0


Re: Infected with worm32, adwares etc. pls help!

Post by Belahzur on 1st February 2010, 1:02 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O32 - AutoRun File - [2010/01/15 21:34:02 | 000,000,061 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{412a8faa-fd3c-11dd-8241-002163a2f07b}\Shell\AutoRun\command - "" = dhrhyje.bat
    O33 - MountPoints2\{412a8faa-fd3c-11dd-8241-002163a2f07b}\Shell\open\Command - "" = dhrhyje.bat
    O33 - MountPoints2\{466e6033-25aa-11de-babc-00238b39c186}\Shell\AutoRun\command - "" = k36fevhw.cmd
    O33 - MountPoints2\{466e6033-25aa-11de-babc-00238b39c186}\Shell\explore\Command - "" = k36fevhw.cmd
    O33 - MountPoints2\{466e6033-25aa-11de-babc-00238b39c186}\Shell\open\Command - "" = k36fevhw.cmd
    O33 - MountPoints2\{466e603b-25aa-11de-babc-00238b39c186}\Shell\AutoRun\command - "" = nq0cq.cmd
    O33 - MountPoints2\{466e603b-25aa-11de-babc-00238b39c186}\Shell\explore\Command - "" = nq0cq.cmd
    O33 - MountPoints2\{466e603b-25aa-11de-babc-00238b39c186}\Shell\open\Command - "" = nq0cq.cmd
    O33 - MountPoints2\{4761a931-50d5-11de-8476-00037a9b165b}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
    O33 - MountPoints2\{4df742b4-f613-11dd-935a-00238b39c186}\Shell - "" = AutoRun
    O33 - MountPoints2\{4df742b4-f613-11dd-935a-00238b39c186}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{77a99170-e322-11de-a907-00037a9b165b}\Shell\AutoRun\command - "" = D:\dhrhyje.bat -- File not found
    O33 - MountPoints2\{77a99170-e322-11de-a907-00037a9b165b}\Shell\open\Command - "" = D:\dhrhyje.bat -- File not found
    O33 - MountPoints2\{80d645d6-4417-11de-820c-00238b39c186}\Shell\AutoRun\command - "" = D:\uhoxajc.cmd -- File not found
    O33 - MountPoints2\{80d645d6-4417-11de-820c-00238b39c186}\Shell\open\Command - "" = D:\uhoxajc.cmd -- File not found
    O33 - MountPoints2\{d7c707e0-3520-11de-825a-00238b39c186}\Shell\AutoRun\command - "" = i.cmd
    O33 - MountPoints2\{d7c707e0-3520-11de-825a-00238b39c186}\Shell\open\Command - "" = i.cmd
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = dhrhyje.bat
    O33 - MountPoints2\G\Shell\open\Command - "" = dhrhyje.bat



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


Re: Infected with worm32, adwares etc. pls help!

Post by Jourdana on 1st February 2010, 1:11 am

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
G:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{412a8faa-fd3c-11dd-8241-002163a2f07b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{412a8faa-fd3c-11dd-8241-002163a2f07b}\ not found.
File dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{412a8faa-fd3c-11dd-8241-002163a2f07b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{412a8faa-fd3c-11dd-8241-002163a2f07b}\ not found.
File dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466e6033-25aa-11de-babc-00238b39c186}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466e6033-25aa-11de-babc-00238b39c186}\ not found.
File k36fevhw.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466e6033-25aa-11de-babc-00238b39c186}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466e6033-25aa-11de-babc-00238b39c186}\ not found.
File k36fevhw.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466e6033-25aa-11de-babc-00238b39c186}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466e6033-25aa-11de-babc-00238b39c186}\ not found.
File k36fevhw.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466e603b-25aa-11de-babc-00238b39c186}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466e603b-25aa-11de-babc-00238b39c186}\ not found.
File nq0cq.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466e603b-25aa-11de-babc-00238b39c186}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466e603b-25aa-11de-babc-00238b39c186}\ not found.
File nq0cq.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466e603b-25aa-11de-babc-00238b39c186}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466e603b-25aa-11de-babc-00238b39c186}\ not found.
File nq0cq.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4761a931-50d5-11de-8476-00037a9b165b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4761a931-50d5-11de-8476-00037a9b165b}\ not found.
File D:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4df742b4-f613-11dd-935a-00238b39c186}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4df742b4-f613-11dd-935a-00238b39c186}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4df742b4-f613-11dd-935a-00238b39c186}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4df742b4-f613-11dd-935a-00238b39c186}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77a99170-e322-11de-a907-00037a9b165b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77a99170-e322-11de-a907-00037a9b165b}\ not found.
File D:\dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77a99170-e322-11de-a907-00037a9b165b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77a99170-e322-11de-a907-00037a9b165b}\ not found.
File D:\dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80d645d6-4417-11de-820c-00238b39c186}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80d645d6-4417-11de-820c-00238b39c186}\ not found.
File D:\uhoxajc.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80d645d6-4417-11de-820c-00238b39c186}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80d645d6-4417-11de-820c-00238b39c186}\ not found.
File D:\uhoxajc.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7c707e0-3520-11de-825a-00238b39c186}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7c707e0-3520-11de-825a-00238b39c186}\ not found.
File i.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7c707e0-3520-11de-825a-00238b39c186}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7c707e0-3520-11de-825a-00238b39c186}\ not found.
File i.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
File dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File dhrhyje.bat not found.

OTL by OldTimer - Version 3.1.27.1 log created on 02012010_040900

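The fix Belahzur posted and the OTL result log Jourdana pasted back are worth looking at together: the O33 lines are Explorer's per-volume MountPoints2 autorun hooks, the O32 line is the hidden/system autorun.inf on the FAT32 stick that planted them, and the fix log is the only evidence that each key actually went away. The Python below is an added example, not code from the thread, from OTL or from the helper. It parses OTL's O32/O33 line formats as they appear above, rates each hook with rules that are this example's own assumptions (script launched from a volume root, hidden+system autorun.inf, vanished launcher, bare Shell=AutoRun), rebuilds the :OTL block the way the helper did (whole key per hook), and then checks a fix log against the request. Both sample inputs are constructed from the lines in the posts; the sample fix log deliberately omits one key so an unconfirmed deletion shows up.

```python
"""Triage OTL's O32/O33 autorun entries, emit an :OTL fix block, and check OTL's
fix log against the request. Added example, not OTL's or the helper's code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

# Constructed sample: O32/O33 lines in the shape quoted from the scan above.
SAMPLE_OTL = r"""
O32 - AutoRun File - [2010/01/15 21:34:02 | 000,000,061 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{412a8faa-fd3c-11dd-8241-002163a2f07b}\Shell\AutoRun\command - "" = dhrhyje.bat
O33 - MountPoints2\{4761a931-50d5-11de-8476-00037a9b165b}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{4df742b4-f613-11dd-935a-00238b39c186}\Shell - "" = AutoRun
O33 - MountPoints2\{4df742b4-f613-11dd-935a-00238b39c186}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{80d645d6-4417-11de-820c-00238b39c186}\Shell\open\Command - "" = D:\uhoxajc.cmd -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = dhrhyje.bat
"""

# Constructed fix log in OTL's result format; the {80d645d6...} key is left out
# on purpose so verify_fix() has an unconfirmed deletion to report.
SAMPLE_FIXLOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{412a8faa-fd3c-11dd-8241-002163a2f07b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{412a8faa-fd3c-11dd-8241-002163a2f07b}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{412a8faa-fd3c-11dd-8241-002163a2f07b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4761a931-50d5-11de-8476-00037a9b165b}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4df742b4-f613-11dd-935a-00238b39c186}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
"""

O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\(?P<verb>\S+) - "" = '
                    r'(?P<cmd>.*?)(?P<missing> -- File not found)?$')
O32_RE = re.compile(r'^O32 - AutoRun File - \[[^|]*\| [\d,]+ \| (?P<attrs>[A-Z-]{4}) \| \w\] '
                    r'\(\) - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$')
FIX_KEY_RE = re.compile(r'^Registry key .*\\MountPoints2\\(?P<key>[^\\]+)\\ '
                        r'(?P<status>deleted successfully|not found)\.$')
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".vbe", ".js", ".pif", ".scr")

@dataclass
class MountPoint:
    key: str       # volume GUID or drive letter under Explorer\MountPoints2
    verb: str      # Shell, Shell\AutoRun\command, Shell\open\Command, ...
    cmd: str
    missing: bool  # OTL appended "-- File not found"
    line: str

@dataclass
class AutoRunFile:
    path: str
    attrs: str     # OTL's flags, e.g. "RHS-" = read-only, hidden, system
    fs: str
    line: str

def parse_otl(text: str) -> List[Union[MountPoint, AutoRunFile]]:
    out: List[Union[MountPoint, AutoRunFile]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m33, m32 = O33_RE.match(line), O32_RE.match(line)
        if m33:
            out.append(MountPoint(m33["key"], m33["verb"], m33["cmd"], bool(m33["missing"]), line))
        elif m32:
            out.append(AutoRunFile(m32["path"], m32["attrs"], m32["fs"], line))
    return out

def severity(e: Union[MountPoint, AutoRunFile]) -> str:
    """Assumed rules: script run from a volume root = worm-grade; hidden+system
    autorun.inf = dropper marker; vanished launcher = stale hook; bare Shell=AutoRun = inert."""
    if isinstance(e, AutoRunFile):
        return "high" if "H" in e.attrs and "S" in e.attrs else "medium"
    cmd = e.cmd.lower()
    if cmd in ("", "autorun"):
        return "low"
    if cmd.rsplit("\\", 1)[-1].endswith(SCRIPT_EXT):
        return "high"
    return "medium" if e.missing else "review"

def triage(text: str) -> List[Tuple[str, str]]:
    return [(severity(e), e.line) for e in parse_otl(text)]

def build_fix(text: str) -> str:
    """OTL deletes a MountPoints2 key whole, so once any verb of a key is flagged,
    every verb of that key goes into the script (the helper's fix did the same)."""
    entries = parse_otl(text)
    flagged = {e.key for e in entries if isinstance(e, MountPoint) and severity(e) != "low"}
    lines = [":OTL"] + [e.line for e in entries
                        if isinstance(e, AutoRunFile) or e.key in flagged]
    return "\n".join(lines)

def verify_fix(otl_text: str, fixlog_text: str) -> Dict[str, str]:
    """Map each requested MountPoints2 key to OTL's first report on it. 'unconfirmed'
    means the log never mentioned the key: rescan before treating it as gone."""
    requested = {e.key for e in parse_otl(otl_text) if isinstance(e, MountPoint)}
    seen: Dict[str, str] = {}
    for raw in fixlog_text.splitlines():
        m = FIX_KEY_RE.match(raw.strip())
        if m and m["key"] in requested:
            seen.setdefault(m["key"], m["status"])  # later "not found" is OTL's repeat pass
    return {k: seen.get(k, "unconfirmed") for k in sorted(requested)}
```

Feed `triage()` and `build_fix()` the O32/O33 section of a real OTL scan and `verify_fix()` the scan plus the fix log OTL writes back; on the constructed samples, four entries come out "high", the bare `Shell = AutoRun` verb rides along only because its key also carries a stale launcher hook, and the `{80d645d6...}` key is reported "unconfirmed" because the sample fix log never mentions it.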

Re: Infected with worm32, adwares etc. pls help!

Post by Belahzur on 1st February 2010, 1:24 am

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.





Re: Infected with worm32, adwares etc. pls help!

Post by Jourdana on 1st February 2010, 2:25 am

Hi again,

I am using my sister's PC now since I don't want to interrupt anything that is running on my laptop. I already followed your instructions re Combofix and ran it. I don't see any window. How do I know if it's still running? How long will it take? Thank you very much for your help and patience.


Re: Infected with worm32, adwares etc. pls help!

Post by Jourdana on 1st February 2010, 2:42 am

I realized that Combofix did not run. I just want to inform you that when I first tried to install Combofix, a popup said that it has some errors and I need to download it again. When I downloaded it, a message said that svchost already exists and asked me if I wanted to overwrite it, which I did. It was automatically named svchost(2). Then when I ran it for the second time, a message said that I need to turn off my Chikka application, so I quickly turned it off. I ran Combofix but didn't see any window. What should I do now? I am not familiar with these things and not sure if I did it right. I will just wait for further instructions. Thanks again for your time.


Just an update:

I deleted the previous downloads of Combofix and downloaded it again. I named it "svchost" as per your instructions. I saw the icon on my desktop and it was named "Combofix". Then all of a sudden it started running and I had not even double-clicked it yet. And worse, my antivirus was still on! I did not attempt to stop it because I didn't want to mess it up further. I don't know what's happening to my laptop now. Please find below my Combofix log. I'm pretty sure it's not really accurate since my AV was on during the scan.

ComboFix 10-01-31.03 - toshiba 02/01/2010 6:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2936.1726 [GMT 3]
Running from: c:\users\toshiba\Desktop\ComboFix.exe
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))
.

2010-02-01 03:34 . 2010-02-01 03:34 -------- d-----w- c:\users\toshiba\AppData\Local\temp
2010-02-01 03:34 . 2010-02-01 03:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-02-01 01:09 . 2010-02-01 01:09 -------- d-----w- C:\_OTL
2010-01-31 00:10 . 2010-01-07 13:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-31 00:10 . 2010-01-07 13:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-30 17:14 . 2010-01-30 17:14 -------- d-----w- c:\users\toshiba\AppData\Local\Seven Zip
2010-01-30 15:28 . 2010-01-30 15:28 396288 ----a-w- C:\HijackThis.exe
2010-01-30 10:10 . 2010-01-30 10:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ESET
2010-01-30 05:26 . 2010-01-30 05:26 -------- d-----w- c:\users\toshiba\AppData\Local\VS Revo Group
2010-01-30 05:26 . 2009-12-30 08:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-01-29 18:52 . 2010-01-29 18:52 52224 ----a-w- c:\users\acarla\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-29 18:52 . 2010-01-29 18:52 117760 ----a-w- c:\users\acarla\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-29 18:52 . 2010-01-29 18:52 -------- d-----w- c:\users\acarla\AppData\Roaming\SUPERAntiSpyware.com
2010-01-29 18:25 . 2010-01-29 18:25 -------- d-----w- c:\users\acarla\AppData\Roaming\VSRevoGroup
2010-01-29 17:30 . 2010-01-29 17:30 -------- d-----w- c:\users\acarla\AppData\Local\MigWiz
2010-01-29 17:12 . 2010-01-29 17:12 -------- d-----w- c:\users\acarla\AppData\Roaming\WinPatrol
2010-01-29 16:49 . 2010-01-29 16:49 -------- d-----w- c:\users\acarla\AppData\Roaming\Malwarebytes
2010-01-29 16:31 . 2010-01-29 16:31 52224 ----a-w- c:\users\toshiba\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-29 16:31 . 2010-01-30 16:40 117760 ----a-w- c:\users\toshiba\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-29 16:30 . 2010-01-29 16:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-29 16:30 . 2010-01-29 16:30 5120 ----a-r- c:\users\toshiba\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2010-01-29 16:30 . 2010-01-29 16:30 65024 ----a-r- c:\users\toshiba\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-01-29 16:30 . 2010-01-29 16:30 18944 ----a-r- c:\users\toshiba\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2010-01-29 16:30 . 2010-01-29 16:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-29 16:30 . 2010-01-29 16:30 -------- d-----w- c:\users\toshiba\AppData\Roaming\SUPERAntiSpyware.com
2010-01-29 06:37 . 2010-01-30 16:23 -------- d-----w- c:\program files\SpywareBlaster
2010-01-28 15:48 . 2010-01-28 15:49 -------- d-----w- c:\users\toshiba\AppData\Local\MigWiz
2010-01-28 05:28 . 2006-09-18 21:43 10 ----a-w- c:\users\toshiba\AppData\Roaming\WinPatrol\Config.sys
2010-01-28 05:28 . 2006-09-18 21:43 24 ----a-w- c:\users\toshiba\AppData\Roaming\WinPatrol\Autoexec.bat
2010-01-28 05:28 . 2010-01-28 05:28 -------- d-----w- c:\users\toshiba\AppData\Roaming\WinPatrol
2010-01-28 05:27 . 2010-01-28 05:27 -------- d-----w- c:\program files\BillP Studios
2010-01-27 05:44 . 2010-01-29 12:14 81984 ----a-w- c:\windows\system32\bdod.bin
2010-01-27 00:34 . 2010-01-27 00:34 -------- d-----w- c:\users\toshiba\AppData\Roaming\BitDefender
2010-01-27 00:34 . 2010-01-27 05:46 -------- d-----w- c:\programdata\BitDefender
2010-01-27 00:32 . 2010-01-29 12:15 -------- d-----w- c:\program files\Common Files\BitDefender
2010-01-25 18:10 . 2010-01-25 18:10 -------- d-----w- c:\users\toshiba\AppData\Roaming\Uniblue
2010-01-24 08:16 . 2010-01-24 08:16 -------- d-----w- c:\program files\Trend Micro
2010-01-24 05:44 . 2010-01-29 12:36 -------- d-----w- c:\program files\ESET
2010-01-23 17:46 . 2010-01-23 17:46 -------- d-----w- c:\windows\BDOSCAN8
2010-01-23 15:26 . 2010-01-23 15:26 -------- d-----w- c:\programdata\Comodo
2010-01-23 14:58 . 2010-01-29 18:09 -------- d-----w- c:\program files\Panda Security
2010-01-22 18:17 . 2010-01-29 17:07 -------- d-----w- c:\program files\Alwil Software
2010-01-22 18:17 . 2010-01-22 18:17 -------- d-----w- c:\programdata\Alwil Software
2010-01-22 16:18 . 2010-01-22 16:18 -------- d-----w- c:\users\toshiba\AppData\Roaming\Malwarebytes
2010-01-22 16:18 . 2010-01-22 16:18 -------- d-----w- c:\programdata\Malwarebytes
2010-01-14 02:50 . 2010-01-29 17:08 -------- d-----w- c:\users\acarla\Tracing
2010-01-14 00:26 . 2010-01-29 00:52 -------- d-----w- c:\users\toshiba\Tracing
2010-01-14 00:22 . 2010-01-22 01:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 00:22 . 2010-01-14 00:22 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-01-14 00:21 . 2009-08-05 19:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-01-14 00:21 . 2010-01-14 00:21 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-01-14 00:19 . 2010-01-14 00:19 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-14 00:17 . 2010-01-14 00:22 -------- d-----w- c:\program files\Microsoft
2010-01-14 00:17 . 2010-01-14 00:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-14 00:16 . 2010-01-14 00:21 -------- d-----w- c:\program files\Windows Live
2010-01-13 15:35 . 2010-01-13 15:35 -------- d-----w- c:\program files\Common Files\Skype
2010-01-13 15:35 . 2010-01-13 15:35 -------- d-----r- c:\program files\Skype
2010-01-13 11:29 . 2010-01-30 05:25 -------- d-----w- c:\program files\VS Revo Group
2010-01-13 11:04 . 2010-01-13 11:04 -------- d-----w- c:\program files\ghostscript
2010-01-13 03:22 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 03:22 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-08 05:13 . 2010-01-08 05:13 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-01-07 16:44 . 2010-01-23 02:12 -------- d-----w- c:\program files\IrfanView
2010-01-07 14:43 . 2007-01-08 08:34 6656 ----a-w- c:\users\acarla\AppData\Roaming\myphotobook\xtras\localXP.exe
2010-01-07 14:43 . 2006-12-21 11:16 21504 ----a-w- c:\users\acarla\AppData\Roaming\myphotobook\xtras\shellExecute.exe
2010-01-07 14:43 . 2006-12-21 11:16 151552 ----a-w- c:\users\acarla\AppData\Roaming\myphotobook\xtras\Proj.dll
2010-01-07 14:43 . 2006-12-21 11:16 9216 ----a-w- c:\users\acarla\AppData\Roaming\myphotobook\xtras\sleep.exe
2010-01-07 14:43 . 2006-12-21 11:16 343040 ----a-w- c:\users\acarla\AppData\Roaming\myphotobook\xtras\msvcrt.dll
2010-01-07 14:43 . 2007-01-01 16:01 9728 ----a-w- c:\users\acarla\AppData\Roaming\myphotobook\xtras\localVista.exe
2010-01-07 14:43 . 2006-12-21 11:16 614400 ----a-w- c:\users\acarla\AppData\Roaming\myphotobook\xtras\Iml32.dll
2010-01-07 14:43 . 2010-01-07 14:43 -------- d-----w- c:\users\acarla\AppData\Roaming\myphotobook
2010-01-07 14:43 . 2006-12-21 11:16 1499136 ----a-w- c:\users\acarla\AppData\Roaming\myphotobook\xtras\Dirapi.dll
2010-01-05 05:29 . 2010-01-05 05:32 -------- d-----w- c:\program files\CCleaner
2010-01-02 04:30 . 2010-01-02 04:30 -------- d-----w- c:\users\toshiba\AppData\Local\PSPatchator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 23:42 . 2009-02-12 14:49 -------- d-----w- c:\users\toshiba\AppData\Roaming\Skype
2010-01-31 11:17 . 2008-08-05 09:48 -------- d-----w- c:\program files\Java
2010-01-30 15:19 . 2008-08-05 10:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-29 18:17 . 2009-12-11 15:13 -------- d-----w- c:\program files\Norton Security Scan
2010-01-29 18:17 . 2009-08-19 13:42 -------- d-----w- c:\programdata\Norton
2010-01-29 18:17 . 2009-08-19 13:42 -------- d-----w- c:\programdata\Symantec
2010-01-29 16:28 . 2008-08-05 10:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-28 00:57 . 2009-08-14 07:33 6648 ----a-w- c:\users\toshiba\AppData\Local\d3d9caps.dat
2010-01-23 11:52 . 2009-08-23 15:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-23 00:20 . 2008-08-05 10:27 -------- d-----w- c:\programdata\McAfee
2010-01-22 19:32 . 2008-08-05 09:48 -------- d-----w- c:\program files\Common Files\Java
2010-01-22 06:21 . 2009-07-15 23:33 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-18 00:01 . 2008-08-05 10:24 -------- d-----w- c:\programdata\Microsoft Help
2010-01-17 13:01 . 2009-02-12 14:52 -------- d-----w- c:\users\toshiba\AppData\Roaming\skypePM
2010-01-14 08:12 . 2009-10-03 14:54 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 23:53 . 2009-02-09 20:28 -------- d-----w- c:\users\toshiba\AppData\Roaming\Yahoo!
2010-01-13 15:35 . 2009-02-12 14:49 -------- d-----w- c:\programdata\Skype
2010-01-13 09:45 . 2010-01-01 11:44 -------- d-----w- c:\program files\Free Download Manager
2010-01-13 07:15 . 2010-01-01 11:45 -------- d-----w- c:\users\acarla\AppData\Roaming\Free Download Manager
2010-01-13 06:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-11 01:04 . 2009-08-08 18:24 -------- d-----w- c:\users\toshiba\AppData\Roaming\Toshiba
2010-01-04 23:42 . 2009-08-27 23:04 -------- d-----w- c:\users\acarla\AppData\Roaming\WhiteSmoke
2010-01-02 06:38 . 2010-01-22 01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 01:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 01:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 01:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 11:01 . 2009-12-06 13:23 -------- d-----w- c:\users\toshiba\AppData\Roaming\DMCache
2009-12-31 18:15 . 2009-12-31 13:15 -------- d-----w- c:\users\acarla\AppData\Roaming\Skype
2009-12-31 13:22 . 2009-12-31 13:22 -------- d-----w- c:\users\acarla\AppData\Roaming\skypePM
2009-12-31 11:02 . 2009-12-31 11:02 -------- d-----w- c:\users\toshiba\AppData\Roaming\IDM
2009-12-26 02:13 . 2009-12-26 02:13 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-23 16:28 . 2009-05-10 13:10 -------- d-----w- c:\program files\Software Informer
2009-12-22 14:18 . 2009-02-09 20:21 -------- d-----w- c:\programdata\Yahoo! Companion
2009-12-22 11:41 . 2009-05-10 13:10 -------- d-----w- c:\users\toshiba\AppData\Roaming\Software Informer
2009-12-19 09:00 . 2009-12-19 09:00 -------- d-----w- c:\users\acarla\AppData\Roaming\Leadertech
2009-12-19 00:45 . 2009-12-19 00:45 -------- d-----w- c:\users\acarla\AppData\Roaming\Toshiba
2009-12-19 00:33 . 2009-12-19 00:33 -------- d-----w- c:\users\Guest\AppData\Roaming\DivX
2009-12-19 00:33 . 2009-12-19 00:33 -------- d-----w- c:\users\Guest\AppData\Roaming\yahoo!
2009-12-19 00:32 . 2009-12-19 00:32 -------- d-----w- c:\users\Guest\AppData\Roaming\WhiteSmoke
2009-12-19 00:32 . 2009-12-19 00:32 115480 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-19 00:24 . 2009-12-19 00:24 -------- d-----w- c:\users\acarla\AppData\Roaming\DivX
2009-12-19 00:23 . 2009-12-19 00:23 115480 ----a-w- c:\users\acarla\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-19 00:11 . 2009-07-13 19:46 -------- d-----w- c:\users\toshiba\AppData\Roaming\WhiteSmoke
2009-12-18 12:02 . 2009-12-18 12:02 38240 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2009-12-18 12:02 . 2009-12-18 12:02 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-12-17 14:14 . 2009-04-17 18:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-11 15:13 . 2009-08-19 13:42 -------- d-----w- c:\programdata\NortonInstaller
2009-12-05 10:23 . 2009-02-08 19:36 -------- d-----w- c:\program files\Common Files\Real
2009-12-05 10:22 . 2009-12-05 10:22 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-04 07:03 . 2009-12-04 07:03 251376 ----a-w- c:\users\toshiba\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-12-03 23:54 . 2009-11-22 06:38 439816 ----a-w- c:\users\toshiba\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-12-02 03:07 . 2009-12-02 03:07 79368 ----a-w- c:\users\toshiba\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
2009-11-16 06:03 . 2009-11-16 06:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 05:56 . 2009-11-16 05:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-09 12:31 . 2009-12-10 00:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 00:07 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 00:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-15 17:18 . 2009-12-15 17:18 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChikkaDefault"="c:\progra~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe" [2007-08-28 36864]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-12-21 1803064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-05 68856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-04-21 1045904]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"Adobe Reader Speed Launcher"="e:\adobe9.3\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Malwarebytes Anti-Malware (reboot)"="e:\malwarebytes' anti-malware\mbam.exe" [2010-01-07 1394000]

c:\users\acarla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 11:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launch WhiteSmoke.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk
backup=c:\windows\pss\Launch WhiteSmoke.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]
path=c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
backup=c:\windows\pss\TRDCReminder.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-03-19 13:35 716800 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 20:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 22:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-11-07 14:16 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-15 17:18 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-21 11:08 133104 ----atw- c:\users\toshiba\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDMICtrlMan]
2008-04-26 15:57 716800 ----a-w- c:\program files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-25 07:05 170520 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-10-31 22:01 54608 ----a-w- c:\program files\Toshiba\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2007-09-28 15:03 75136 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-25 07:06 145944 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-01-25 13:33 509816 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
2009-11-25 15:50 2011205 ----a-w- c:\program files\Software Informer\softinfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-07-02 13:16 393216 ----a-w- e:\sony ericsson pc suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-11-29 16:58 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-05 10:22 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 08:24 581632 ----a-w- c:\program files\Toshiba\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07 574864 ----a-w- c:\program files\Toshiba\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 16:27 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2008-01-21 02:23 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-11-10 12:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ae,8e,73,ed,13,41,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1767612472-3748800986-3064159603-1000]
"EnableNotificationsRef"=dword:00000002

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [2/8/2009 10:09 PM 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [4/17/2008 2:19 AM 40960]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [12/18/2009 3:02 PM 38240]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [4/21/2009 5:36 PM 116104]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 8:03 PM 126976]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [8/5/2008 12:52 PM 112128]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [4/15/2008 5:13 AM 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [4/9/2007 6:13 PM 8192]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [6/10/2009 5:52 AM 347648]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [4/24/2008 9:35 PM 73728]
S2 gupdate1ca06271e01a3b8;Google Update Service (gupdate1ca06271e01a3b8);c:\program files\Google\Update\GoogleUpdate.exe [7/16/2009 6:07 PM 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/21/2008 5:23 AM 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [1/14/2010 3:21 AM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/5/2008 1:30 PM 30192]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 1:25 PM 2589184]
S3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [6/17/2009 3:20 PM 12648]
S3 Revoflt;Revoflt;c:\windows\System32\drivers\revoflt.sys [1/30/2010 8:26 AM 27192]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [8/28/2009 3:29 PM 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\System32\drivers\s1018mdfl.sys [8/28/2009 3:29 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\System32\drivers\s1018mdm.sys [8/28/2009 3:29 PM 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s1018mgmt.sys [8/28/2009 3:29 PM 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\System32\drivers\s1018nd5.sys [8/28/2009 3:29 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\System32\drivers\s1018obex.sys [8/28/2009 3:29 PM 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\System32\drivers\s1018unic.sys [8/28/2009 3:29 PM 109736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 15:07]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 15:07]

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1767612472-3748800986-3064159603-1000Core.job
- c:\users\toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 11:08]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1767612472-3748800986-3064159603-1000UA.job
- c:\users\toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 11:08]

2010-02-01 c:\windows\Tasks\User_Feed_Synchronization-{D0256E33-364E-483C-9A4B-D004275A6365}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uLocal Page = [You must be registered and logged in to see this link.]
uStart Page = yahoo.com
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uCustomizeSearch = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\cl8e7ish.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\toshiba\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\toshiba\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: e:\adobe9.3\Reader\browser\nppdf32.dll
FF - plugin: e:\divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\divx\DivX Web Player\npdivx32.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
MSConfigStartUp-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-Shockwave Updater - c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-01 06:34
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-01 06:38:50
ComboFix-quarantined-files.txt 2010-02-01 03:38

Pre-Run: 23,492,468,736 bytes free
Post-Run: 23,323,402,240 bytes free

- - End Of File - - 0BE9DCE6341D2E90E4664C58ADE74151

Jourdana, Novice. Posts: 13; Joined: 2010-01-30; Gender: Female; OS: Windows Vista; Points: 25243; Likes: 0

Re: Infected with worm32, adwares etc. pls help!

Post by Belahzur on 1st February 2010, 8:11 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur, Administrator. Posts: 34918; Joined: 2008-08-03; Gender: Male; OS: 7 Home Premium x64; Points: 245111; Likes: 1

Re: Infected with worm32, adwares etc. pls help!

Post by Jourdana on 1st February 2010, 10:53 pm

Hi,

Combofix uninstalled as per your instructions. There's this strange sound I hear coming from my laptop, especially late at night (something like a beep?), while I'm surfing. It happened again last night. Is that normal? Thanks again

Jourdana, Novice. Posts: 13; Joined: 2010-01-30; Gender: Female; OS: Windows Vista; Points: 25243; Likes: 0

Re: Infected with worm32, adwares etc. pls help!

Post by Belahzur on 2nd February 2010, 8:29 pm

A single bleep? Can you give any more info? A single beep could be anything really.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur, Administrator. Posts: 34918; Joined: 2008-08-03; Gender: Male; OS: 7 Home Premium x64; Points: 245111; Likes: 1

Re: Infected with worm32, adwares etc. pls help!

Post by Jourdana on 2nd February 2010, 10:47 pm

It's ok. I didn't hear any strange sounds last night until now. What will I do next? Thanks a lot for your patience

Jourdana, Novice. Posts: 13; Joined: 2010-01-30; Gender: Female; OS: Windows Vista; Points: 25243; Likes: 0

Re: Infected with worm32, adwares etc. pls help!

Post by Belahzur on 3rd February 2010, 12:49 am

This should be fine now.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur, Administrator. Posts: 34918; Joined: 2008-08-03; Gender: Male; OS: 7 Home Premium x64; Points: 245111; Likes: 1

Re: Infected with worm32, adwares etc. pls help!

Post by Jourdana on 4th February 2010, 11:58 am

Hi again,

I scanned my pc again using Superantispyware and found a browser hijacker and removed it. I scanned it again using spybot search and destroy and it found something too. Something like coolwebsearch? Unfortunately, I can't find the log anymore. I also tried updating my Adobe Reader as per recommendation of Update Checker but it was so slow and seemed not to be downloading at all so I cancelled it. I don't know if my pc is still infected. Please find below the superantispyware log. Thank you very much for your time.


SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 02/03/2010 at 08:54 AM

Application Version : 4.33.1000

Core Rules Database Version : 4549
Trace Rules Database Version: 2361

Scan type : Custom Scan
Total Scan Time : 02:01:49

Memory items scanned : 767
Memory threats detected : 0
Registry items scanned : 7541
Registry threats detected : 5
File items scanned : 92024
File threats detected : 0

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Jourdana, Novice. Posts: 13; Joined: 2010-01-30; Gender: Female; OS: Windows Vista; Points: 25243; Likes: 0

Re: Infected with worm32, adwares etc. pls help!

Post by Belahzur on 4th February 2010, 10:53 pm

Just leftover registry keys.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur, Administrator. Posts: 34918; Joined: 2008-08-03; Gender: Male; OS: 7 Home Premium x64; Points: 245111; Likes: 1
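Reading the SUPERAntiSpyware log Jourdana posted together with Belahzur's verdict above: the summary counters report no memory or file threats, and every trace listed under "Browser Hijacker.Deskbar" is a registry key beneath HKCR\Interface, which is why keys with nothing on disk or in memory behind them are judged harmless residue. The following Python script is an added example, not code from the thread or from SUPERAntiSpyware, that parses that log format, classifies each trace as a registry key or a file path, checks that the listed traces agree with the summary counters, and reports whether only registry residue remains. The embedded sample is the log from the thread; the function names and the keys of the returned dictionaries are my own.

```python
import re
from collections import defaultdict

# Constructed sample input: the SUPERAntiSpyware log posted in the thread.
SAMPLE_LOG = """SUPERAntiSpyware Scan Log

Generated 02/03/2010 at 08:54 AM

Application Version : 4.33.1000

Core Rules Database Version : 4549
Trace Rules Database Version: 2361

Scan type : Custom Scan
Total Scan Time : 02:01:49

Memory items scanned : 767
Memory threats detected : 0
Registry items scanned : 7541
Registry threats detected : 5
File items scanned : 92024
File threats detected : 0

Browser Hijacker.Deskbar
HKCR\\Interface\\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\\Interface\\{4897BBA6-48D9-468C-8EFA-846275D7701B}\\ProxyStubClsid
HKCR\\Interface\\{4897BBA6-48D9-468C-8EFA-846275D7701B}\\ProxyStubClsid32
HKCR\\Interface\\{4897BBA6-48D9-468C-8EFA-846275D7701B}\\TypeLib
HKCR\\Interface\\{4897BBA6-48D9-468C-8EFA-846275D7701B}\\TypeLib#Version
"""

# Matches the six summary lines, e.g. "Registry threats detected : 5".
COUNTER_RE = re.compile(r"^(Memory|Registry|File) (items scanned|threats detected)\s*:\s*(\d+)$")
REGISTRY_PREFIXES = ("HKCR\\", "HKLM\\", "HKCU\\", "HKU\\", "HKCC\\", "HKEY_")


def classify(trace):
    """Label one detection line: a registry key, a file path, or something else
    (in the detection section, 'other' lines are threat names)."""
    upper = trace.upper()
    if upper.startswith(REGISTRY_PREFIXES):
        return "registry"
    if re.match(r"^[A-Z]:\\", upper):
        return "file"
    return "other"


def parse_log(text):
    """Return (counters, threats): the summary counters as ints keyed like
    'registry_threats_detected', and a dict of threat name -> list of traces."""
    counters = {}
    threats = {}
    current = None
    in_detections = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None            # a blank line closes the current detection block
            continue
        m = COUNTER_RE.match(line)
        if m:
            key = f"{m.group(1).lower()}_{m.group(2).replace(' ', '_')}"
            counters[key] = int(m.group(3))
            if key == "file_threats_detected":
                in_detections = True  # SAS lists detections after the last counter
            continue
        if not in_detections:
            continue                  # header metadata (version, scan type, ...)
        if classify(line) == "other":
            current = line            # neither key nor path: this names a threat
            threats.setdefault(current, [])
        elif current is not None:
            threats[current].append(line)
    return counters, threats


def summarize(counters, threats):
    """Decide whether the log shows only registry residue, and whether the listed
    traces agree with the summary counters (a mismatch suggests a truncated paste)."""
    by_kind = defaultdict(list)
    for name, traces in threats.items():
        for t in traces:
            by_kind[classify(t)].append((name, t))
    registry_only = (
        counters.get("memory_threats_detected", 0) == 0
        and counters.get("file_threats_detected", 0) == 0
        and not by_kind["file"]
        and not by_kind["other"]
    )
    return {
        "threat_names": sorted(threats),
        "registry_traces": len(by_kind["registry"]),
        "file_traces": len(by_kind["file"]),
        "registry_residue_only": registry_only,
        "counts_match": len(by_kind["registry"]) == counters.get("registry_threats_detected")
        and len(by_kind["file"]) == counters.get("file_threats_detected"),
    }


if __name__ == "__main__":
    c, t = parse_log(SAMPLE_LOG)
    for k, v in summarize(c, t).items():
        print(f"{k}: {v}")
```

To triage a saved log, pass the file contents to parse_log and feed the result to summarize. A false counts_match means the listed traces and the counters disagree, which usually indicates a partial paste rather than a clean scan; any file or memory trace means the machine is not yet down to registry residue and the files involved still need looking at.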

Re: Infected with worm32, adwares etc. pls help!

Post by Jourdana on 5th February 2010, 2:55 am

Great! so I guess I'm all clean now? I really appreciate your patience in dealing with all of us here. Kudos to you and the rest of the GeekPolice team! Thanks a plenty! GeekPolice rocks!

Jourdana, Novice. Posts: 13; Joined: 2010-01-30; Gender: Female; OS: Windows Vista; Points: 25243; Likes: 0

Re: Infected with worm32, adwares etc. pls help!

Post by Belahzur on 5th February 2010, 5:00 pm

Yep, SAS didn't find any malicious files, just 1 registry key that got left behind, harmless really....

This should be fine now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur, Administrator. Posts: 34918; Joined: 2008-08-03; Gender: Male; OS: 7 Home Premium x64; Points: 245111; Likes: 1
