Pop up warning

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Pop up warning

Post by rabare on 31st January 2010, 5:08 pm

Everytime I click a link I get a pop up that says windows cannot find that web address.
Anyone have a clue why this is happening..
Thanks in advance

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 31st January 2010, 7:53 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

OTL.txt

Post by rabare on 31st January 2010, 10:04 pm

OTL logfile created on: 1/31/2010 4:56:24 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Richard Abare\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.52 Gb Total Space | 113.84 Gb Free Space | 50.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARDABARE-PC
Current User Name: Richard Abare
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/31 16:56:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Abare\Downloads\OTL.exe
PRC - [2010/01/17 20:22:40 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/17 20:22:39 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/17 20:22:39 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/17 20:22:39 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/17 20:22:39 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/17 20:22:29 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010/01/06 10:43:32 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/07 13:28:42 | 000,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/07 13:25:08 | 001,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/13 21:15:56 | 000,356,352 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/13 21:15:28 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/30 20:15:46 | 000,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/07/30 20:15:44 | 000,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 01:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/17 13:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/09/10 21:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/08/14 10:40:44 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/08/14 10:40:36 | 001,348,904 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/05/05 13:52:21 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/23 00:03:10 | 000,671,744 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/11 02:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/19 15:35:44 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/02/06 15:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/20 21:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/06/15 23:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2006/11/02 07:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/01/31 16:56:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Abare\Downloads\OTL.exe
MOD - [2010/01/17 20:23:27 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/17 20:22:29 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/20 12:18:43 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/07 13:25:08 | 001,028,432 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/20 08:54:33 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/13 21:15:28 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/08 12:31:36 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/07/08 12:31:32 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/07/08 12:31:12 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/17 13:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/10 21:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/09/05 10:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/08/08 20:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/05/05 13:52:21 | 001,245,064 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/23 00:03:10 | 000,671,744 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 17:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 02:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/02/20 19:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/29 12:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 23:20:56 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 23:20:52 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/08/21 06:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/17 20:23:04 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/17 20:22:52 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/17 20:22:50 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/07 13:31:54 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/16 03:13:14 | 000,216,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/08/25 03:00:00 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091002.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/25 03:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091002.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/24 09:38:23 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/01/09 15:18:02 | 000,027,136 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/05/20 19:33:50 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2008/04/28 18:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/23 02:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/10 23:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/09 20:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/02 19:26:08 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/02/22 21:38:33 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/01/30 22:51:00 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/01/30 22:51:00 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/01/30 22:51:00 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/01/20 21:24:49 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/07/03 19:59:10 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 19:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 19:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 19:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/30 13:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 5A 95 A6 16 8A CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?refresh=1"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.11.6
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.18.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.3.3
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/17 20:22:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 10:43:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/25 12:41:15 | 000,000,000 | ---D | M]

[2009/12/14 10:02:41 | 000,000,000 | ---D | M] -- C:\Users\Richard Abare\AppData\Roaming\Mozilla\Extensions
[2010/01/31 16:51:43 | 000,000,000 | ---D | M] -- C:\Users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions
[2010/01/03 10:06:44 | 000,000,000 | ---D | M] -- C:\Users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\amznUWL@amazon.com
[2010/01/31 16:51:43 | 000,000,000 | ---D | M] -- C:\Users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\ChoiceGuard@Microsoft
[2010/01/29 14:02:59 | 000,000,000 | ---D | M] -- C:\Users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\foxyproxy@eric.h.jung
[2010/01/25 12:58:51 | 000,000,000 | ---D | M] -- C:\Users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\piclens@cooliris.com
[2010/01/25 12:58:43 | 000,000,000 | ---D | M] -- C:\Users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\wisestamp@wisestamp.com
[2009/12/27 09:09:18 | 000,002,171 | ---- | M] () -- C:\Users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\searchplugins\bing.xml
[2010/01/25 12:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe File not found
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\Jumpstart\jswtrayutil.exe File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} [You must be registered and logged in to see this link.] (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Richard Abare\Pictures\CARS\Challenger\Dodge_Challenger_SRT_by_hussain1.jpg
O24 - Desktop BackupWallPaper: C:\Users\Richard Abare\Pictures\CARS\Challenger\Dodge_Challenger_SRT_by_hussain1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/31 16:51:24 | 000,000,000 | ---D | C] -- C:\Users\Richard Abare\AppData\Local\IsolatedStorage
[2010/01/31 16:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Earth 3D
[2010/01/28 11:49:01 | 000,000,000 | ---D | C] -- C:\Users\Richard Abare\Desktop\misc
[2010/01/25 12:59:00 | 000,000,000 | ---D | C] -- C:\Users\Richard Abare\AppData\Local\Cooliris
[2010/01/25 12:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/01/25 12:41:15 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/01/25 12:41:15 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/01/25 12:41:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/01/25 12:41:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/01/22 08:28:17 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/22 08:28:17 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/22 08:28:17 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/22 08:28:17 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/22 08:28:16 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/22 08:28:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/22 08:28:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/22 08:28:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/22 08:28:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/22 08:28:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/22 08:28:16 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/22 08:28:16 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/22 08:28:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/22 08:28:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/19 11:27:57 | 000,000,000 | ---D | C] -- C:\Users\Richard Abare\AppData\Local\Adobe
[2010/01/18 09:02:39 | 000,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/18 08:24:13 | 000,000,000 | ---D | C] -- C:\Users\Richard Abare\AppData\Roaming\Skype
[2010/01/17 20:23:33 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/01/17 20:23:27 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/17 20:23:04 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/17 20:22:52 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/17 20:22:50 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/17 20:22:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/01/17 18:22:03 | 000,000,000 | ---D | C] -- C:\Windows\55A6283C638A4EE0B49151118554BDA2.TMP
[2010/01/17 17:47:28 | 000,000,000 | ---D | C] -- C:\Users\Richard Abare\AppData\Local\avjpod
[2010/01/17 16:52:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/01/13 08:52:52 | 000,000,000 | ---D | C] -- C:\a55246872a5f253742d9d07fa527
[2010/01/13 08:09:03 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 08:09:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/03 14:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2010/01/02 12:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/01/02 12:21:08 | 000,000,000 | ---D | C] -- C:\Users\Richard Abare\AppData\Local\Apps
[2010/01/02 12:21:07 | 000,000,000 | ---D | C] -- C:\Users\Richard Abare\AppData\Local\Deployment
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/31 16:59:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{830FAA70-CE2D-4248-8F80-6AFD8F5C3873}.job
[2010/01/31 16:56:28 | 002,097,152 | -HS- | M] () -- C:\Users\Richard Abare\NTUSER.DAT
[2010/01/31 16:51:03 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk
[2010/01/31 16:40:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/31 16:39:37 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/31 16:39:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/31 16:10:27 | 000,524,288 | -HS- | M] () -- C:\Users\Richard Abare\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/31 16:10:27 | 000,065,536 | -HS- | M] () -- C:\Users\Richard Abare\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/31 16:10:18 | 003,563,331 | -H-- | M] () -- C:\Users\Richard Abare\AppData\Local\IconCache.db
[2010/01/31 15:51:20 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6F6388E8-E3A2-4FA3-BBA6-F552F9A58020}.job
[2010/01/31 12:23:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/31 12:23:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/31 12:23:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/31 12:23:00 | 2950,516,736 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/31 10:39:29 | 000,000,680 | ---- | M] () -- C:\Users\Richard Abare\AppData\Local\d3d9caps.dat
[2010/01/31 08:54:05 | 054,915,603 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/30 09:19:01 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/30 09:19:01 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/30 09:19:01 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/28 13:44:11 | 000,002,838 | ---- | M] () -- C:\Windows\machine.ver
[2010/01/27 11:44:26 | 000,086,016 | ---- | M] () -- C:\Users\Richard Abare\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/25 13:40:03 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/25 12:39:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/01/25 12:39:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/01/25 12:39:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/01/25 12:39:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/01/20 09:19:02 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/17 20:23:28 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/01/17 20:23:27 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/17 20:23:04 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/17 20:22:52 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/17 20:22:50 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/17 20:22:50 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/17 20:22:49 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/17 20:22:49 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/17 17:28:13 | 000,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2010/01/13 08:40:17 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/03 13:25:19 | 331,183,749 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/02 12:21:35 | 000,070,984 | ---- | M] () -- C:\Users\Richard Abare\g2mdlhlpx.exe
[2010/01/02 01:33:32 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/02 01:33:32 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/02 01:32:51 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/02 01:32:46 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/02 01:32:33 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/02 01:32:33 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/02 01:32:33 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/02 01:32:32 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/02 01:32:32 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/02 01:32:26 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/01 23:57:00 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/01 23:56:50 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/01 23:56:14 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/01 23:55:54 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/31 16:51:03 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk
[2010/01/18 07:27:51 | 2950,516,736 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/17 20:23:28 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/01/17 20:22:49 | 054,915,603 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/17 20:22:49 | 000,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/17 20:22:49 | 000,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/17 20:22:49 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/17 20:22:48 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/17 16:52:14 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2010/01/13 08:40:17 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/03 14:18:35 | 000,000,680 | ---- | C] () -- C:\Users\Richard Abare\AppData\Local\d3d9caps.dat
[2010/01/02 12:21:34 | 000,070,984 | ---- | C] () -- C:\Users\Richard Abare\g2mdlhlpx.exe
[2009/11/26 10:28:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/13 11:04:01 | 000,000,122 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/09/18 07:48:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/16 05:45:11 | 000,331,048 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009/08/11 09:33:29 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/08/10 08:26:19 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2009/08/03 20:09:46 | 000,086,016 | ---- | C] () -- C:\Users\Richard Abare\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 02:08:35 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/08/03 02:08:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/08/03 02:08:35 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/08/03 02:08:35 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/08/02 23:30:47 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/08/02 23:30:44 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/05/05 13:41:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/04/24 20:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 20:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 20:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 20:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 20:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 20:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008/04/23 00:05:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
< End of report >

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Extras.txt

Post by rabare on 31st January 2010, 10:05 pm

OTL Extras logfile created on: 1/31/2010 4:56:24 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Richard Abare\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.52 Gb Total Space | 113.84 Gb Free Space | 50.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARDABARE-PC
Current User Name: Richard Abare
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26B4DA53-EBE6-4FB3-A1E5-53A74155FC62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B5DE46B-67D8-4463-AA48-B8B10B531071}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{62636592-47FF-4F69-9738-A0A5386FD92F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9D78B35C-7626-445A-BBB6-1A9E9317EEEC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{225A902B-19BA-4378-942E-9BACA94E4A8C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{53352701-3242-431C-A1D7-F1765A005B3E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6CEDCB90-4AAC-49B9-BE6D-58D4BB708FD6}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{777853E2-79A0-4015-B8A6-E7A2EF0C0D2D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{91F9AC7F-AC88-4B51-854C-BCA008BE9DBF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{942B875B-E735-4935-BAC3-E1B39B838E23}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9C2B3D36-08F5-41E2-88A4-919FC054ED1B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BB5FDC80-AF5E-4F89-9E98-6D317C0F2B80}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CF71853D-FD1A-4115-BDDD-C1395451B20E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E884DD6B-1ABB-41AE-984F-776DAE428E0B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FB526360-B997-4552-88D4-E292F381332A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{053140B4-F4A9-77F0-2731-B18B398737BD}" = Catalyst Control Center HydraVision Full
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B59A227-CAC2-4688-8759-580B4DC5F220}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184DD386-229C-460F-BA0C-9C2FEF071699}" = SymNet
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20CE4A2A-F567-C4A6-EF89-9BC4C199DFF1}" = Catalyst Control Center Graphics Full Existing
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2D8AAF99-68C9-0EA2-E54E-B174E1805822}" = Catalyst Control Center Graphics Previews Vista
"{2E7ED8FA-4D7B-DAB8-01EC-08B97BAD5D16}" = ccc-utility
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{394D3898-192A-1D05-1829-791D922E6495}" = Catalyst Control Center Graphics Previews Common
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E5F43C6-4DF2-49F4-AE2C-0E29CA6B9887}" = iLike Sidebar
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{508818E0-1364-1A0A-F5C5-BAB208FB9038}" = Catalyst Control Center Graphics Light
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{59A0E96B-4EAB-659D-F564-F48754C43F82}" = ccc-core-static
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B5DDC17-A924-9BF2-F587-5FFA5EB25CF5}" = CCC Help English
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{68BEE9AE-D577-4CFA-9201-02B0CF288FC5}" = Memeo AutoBackup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{8912A802-1DD4-41F3-8450-B3209081BDB9}" = Sprint media manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A2F0810-3619-4E86-9072-973FBE1679C5}" = QuickBooks Simple Start 2009
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3365448-B694-468D-BBF0-D7A4CCDF955F}" = BlackBerry® Media Sync
"{A5F3F9C9-A05A-27D3-030C-41681E282F53}" = Catalyst Control Center Localization All
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B79B2945-96B0-E6D7-BB74-5C2A078CDF3C}" = Catalyst Control Center Core Implementation
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BD3B2898-FB23-3202-3F4F-8DBADBCB9D1E}" = Catalyst Control Center InstallProxy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CA4454BC-35F6-C8B4-38CD-57D54D873FC8}" = ATI Catalyst Install Manager
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D51E491C-EF3C-8016-4706-A49B64690711}" = Catalyst Control Center Graphics Full New
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{F818A41D-3535-4949-83BB-E41121697A97}" = Sprint Desktop Sync
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{68BEE9AE-D577-4CFA-9201-02B0CF288FC5}" = Memeo AutoBackup
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2010 10:50:09 AM | Computer Name = RichardAbare-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 1/26/2010 10:50:09 AM | Computer Name = RichardAbare-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 1/26/2010 10:51:33 AM | Computer Name = RichardAbare-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/26/2010 11:36:12 AM | Computer Name = RICHARDABARE-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 1/26/2010 11:36:12 AM | Computer Name = RICHARDABARE-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 1/26/2010 11:36:12 AM | Computer Name = RICHARDABARE-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 1/26/2010 11:36:13 AM | Computer Name = RichardAbare-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 1/26/2010 11:36:13 AM | Computer Name = RichardAbare-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 1/26/2010 11:36:14 AM | Computer Name = RichardAbare-PC | Source = ATIeRecord | ID = 16387
Description =

Error - 1/26/2010 11:37:39 AM | Computer Name = RichardAbare-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/14/2009 9:22:44 AM | Computer Name = RichardAbare-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/14/2009 9:22:44 AM | Computer Name = RichardAbare-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/14/2009 9:24:39 AM | Computer Name = RichardAbare-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 11/14/2009 9:32:05 AM | Computer Name = RichardAbare-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:27:39 AM on 11/14/2009 was unexpected.

Error - 11/14/2009 9:33:12 AM | Computer Name = RichardAbare-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/14/2009 9:48:50 AM | Computer Name = RichardAbare-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 11/17/2009 3:46:04 AM | Computer Name = RichardAbare-PC | Source = DCOM | ID = 10010
Description =

Error - 11/17/2009 4:13:58 AM | Computer Name = RichardAbare-PC | Source = DCOM | ID = 10005
Description =

Error - 11/17/2009 4:13:58 AM | Computer Name = RichardAbare-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/17/2009 4:13:58 AM | Computer Name = RichardAbare-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 1st February 2010, 12:23 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 1st February 2010, 1:11 am

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTL by OldTimer - Version 3.1.27.1 log created on 01312010_201024

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 1st February 2010, 1:23 am

Hello.
Did you miss :OTL as the top line? cause the script didn't work right.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 1st February 2010, 1:56 am

won't work w/ :OTL on top line?

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 1st February 2010, 8:07 pm

I suspect Adaware is interfering here.

Please disable Ad-Watch, as it may hinder the removal of some HijackThis entries. You can re-enable it after your computer is clean. Please see here for instructions on how to disable it:

1. Right-click on the Ad-Watch icon in the system tray (located down by the system clock for most configurations)
2. Choose *Settings* from the dropdown menu
3. Under the *General Settings* tab turn OFF (red x) the option to "Load Ad-Watch at Startup" (if enabled)

4. Click on the *Status* button in the left hand menu
5. Turn OFF (red x) the option for *Regshield*
6. Close that window, then right-click on the Ad-Watch icon shield again down in the system tray next to the clock.
7. Choose *Turn off Ad-Watch* from the drop menu

Try the fix again.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 2nd February 2010, 3:16 pm

I use adware free edition..
When I disable it I still cannot run the fix..
Sorry to be a pain in the arse..

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 2nd February 2010, 7:14 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

hijackthis log

Post by rabare on 3rd February 2010, 1:51 pm

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\Richard Abare\Documents\Documents\Downloads\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

--
End of file - 14283 bytes

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 3rd February 2010, 8:04 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 4th February 2010, 3:59 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3688
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

2/4/2010 10:58:33 AM
mbam-log-2010-02-04 (10-58-33).txt

Scan type: Quick Scan
Objects scanned: 125949
Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 4th February 2010, 8:53 pm

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

I am still getting these pop ups

Post by rabare on 5th February 2010, 1:59 pm

Windows cannot find 'http:[You must be registered and logged in to see this link.]
.
Make sure you typed the name correctly, then try again.
I get this everytime I click a link from my email or a web page.
But the page always open up?
There is a red circle w. an X and a OK button in the pop up.
I tried to do a screen shot w/ the pop up warning but it will not work.
Again thanks for all your help...

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 5th February 2010, 4:49 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 5th February 2010, 5:15 pm

Caused my computer to crash?
It started in on a dos screen..
As it was running I got a blue scrambbled screen That had type saying my system crashed to reboot...

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 5th February 2010, 5:17 pm

I did disable my Avira Antivirus...
I did get a warning that I should run fix from a different site?

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 5th February 2010, 6:44 pm

Did Combofix warn of Virut?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 5th February 2010, 8:57 pm

never finished because it crashed....
SHould I try again?

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 5th February 2010, 9:07 pm

Yes please.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 5th February 2010, 9:42 pm

ComboFix 10-02-05.02 - Richard Abare 02/05/2010 16:27:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1810 [GMT -5:00]
Running from: c:\users\Richard Abare\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3270954652-3410097223-3268541396-500
C:\LOG.TXT

.
((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 21:35 . 2010-02-05 21:37 -------- d-----w- c:\users\Richard Abare\AppData\Local\temp
2010-02-05 21:35 . 2010-02-05 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-05 21:35 . 2010-02-05 21:35 -------- d-----w- c:\users\Veda\AppData\Local\temp
2010-02-05 21:35 . 2010-02-05 21:35 -------- d-----w- c:\users\Cindy\AppData\Local\temp
2010-02-04 14:55 . 2010-02-04 14:56 -------- d-----w- c:\program files\iTunes
2010-02-04 14:50 . 2010-02-04 14:50 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-31 23:34 . 2010-02-01 00:25 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-31 23:34 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-31 23:34 . 2010-01-31 23:34 -------- d-----w- c:\programdata\Avira
2010-01-31 23:34 . 2010-01-31 23:34 -------- d-----w- c:\program files\Avira
2010-01-31 21:51 . 2010-01-31 21:51 -------- d-----w- c:\users\Richard Abare\AppData\Local\IsolatedStorage
2010-01-31 21:50 . 2010-01-31 21:51 -------- d-----w- c:\program files\Virtual Earth 3D
2010-01-25 17:59 . 2010-01-25 17:59 -------- d-----w- c:\users\Richard Abare\AppData\Local\Cooliris
2010-01-25 17:58 . 2010-01-06 17:08 4726272 ----a-w- c:\users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-25 17:58 . 2010-01-06 17:08 103424 ----a-w- c:\users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-25 17:58 . 2010-01-06 17:08 57856 ----a-w- c:\users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-25 17:58 . 2010-01-06 17:08 545280 ----a-w- c:\users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-25 17:58 . 2010-01-06 17:08 4725760 ----a-w- c:\users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-25 17:58 . 2010-01-06 17:08 153600 ----a-w- c:\users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-25 17:58 . 2010-01-06 17:08 344064 ----a-w- c:\users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-25 17:41 . 2010-01-25 17:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-21 22:42 . 2010-01-21 22:42 -------- d-----w- c:\users\Cindy\AppData\Local\Adobe
2010-01-21 00:41 . 2010-01-23 23:33 -------- d-----w- c:\users\Cindy\AppData\Roaming\skypePM
2010-01-19 19:12 . 2010-01-19 19:12 -------- d-----w- c:\users\Cindy\AppData\Local\Apple Computer
2010-01-19 16:27 . 2010-01-19 16:28 -------- d-----w- c:\users\Richard Abare\AppData\Local\Adobe
2010-01-18 14:02 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-18 13:24 . 2010-01-30 18:43 -------- d-----w- c:\users\Richard Abare\AppData\Roaming\Skype
2010-01-17 23:22 . 2010-01-17 23:22 -------- d-----w- c:\windows\55A6283C638A4EE0B49151118554BDA2.TMP
2010-01-17 22:47 . 2010-01-20 18:57 -------- d-----w- c:\users\Richard Abare\AppData\Local\avjpod
2010-01-17 21:52 . 2010-01-17 21:52 -------- d-----w- c:\windows\Sun
2010-01-13 13:52 . 2010-01-13 13:59 -------- d-----w- C:\a55246872a5f253742d9d07fa527
2010-01-13 13:09 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 13:09 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 13:48 . 2009-08-03 04:31 119680 ----a-w- c:\users\Richard Abare\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-04 15:43 . 2009-08-10 02:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 14:55 . 2009-09-27 21:04 -------- d-----w- c:\program files\iPod
2010-02-04 14:55 . 2009-09-27 20:59 -------- d-----w- c:\program files\Common Files\Apple
2010-01-31 15:39 . 2010-01-03 19:18 680 ----a-w- c:\users\Richard Abare\AppData\Local\d3d9caps.dat
2010-01-28 22:06 . 2008-05-05 18:34 -------- d-----w- c:\program files\Google
2010-01-28 22:04 . 2009-08-10 02:21 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-28 11:47 . 2009-10-10 14:21 -------- d-----w- c:\program files\Yahoo!
2010-01-25 17:41 . 2008-05-05 18:33 -------- d-----w- c:\program files\Common Files\Java
2010-01-25 17:39 . 2008-05-05 18:33 -------- d-----w- c:\program files\Java
2010-01-23 23:36 . 2009-12-09 19:48 -------- d-----w- c:\users\Cindy\AppData\Roaming\Skype
2010-01-22 15:43 . 2009-09-24 14:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 15:20 . 2009-08-11 14:35 -------- d-----w- c:\programdata\Intuit
2010-01-20 14:21 . 2008-05-13 17:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-17 23:23 . 2008-05-05 18:50 -------- d-----w- c:\programdata\Symantec
2010-01-17 23:22 . 2008-05-05 18:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-17 23:19 . 2008-05-05 18:52 -------- d-----w- c:\program files\Norton 360
2010-01-17 12:14 . 2009-08-13 16:47 -------- d-----w- c:\program files\Sprint Instinct Applications
2010-01-13 14:00 . 2009-08-03 06:42 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 13:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-07 21:07 . 2009-08-10 02:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-08-10 02:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 19:16 . 2009-08-03 07:09 -------- d-----w- c:\program files\Atheros
2010-01-03 19:15 . 2010-01-03 19:15 -------- d-----w- c:\program files\Cisco
2010-01-03 19:08 . 2009-10-22 15:36 -------- d-----w- c:\users\Richard Abare\AppData\Roaming\InstallShield
2010-01-02 17:21 . 2010-01-02 17:21 -------- d-----w- c:\program files\Citrix
2010-01-02 17:21 . 2010-01-02 17:21 70984 ----a-w- c:\users\Richard Abare\g2mdlhlpx.exe
2010-01-02 06:38 . 2010-01-22 13:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 13:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 13:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 13:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-27 14:08 . 2009-12-27 14:08 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-12-27 14:07 . 2009-12-27 14:03 -------- d-----w- c:\program files\Windows Live
2009-12-27 14:06 . 2009-12-27 14:06 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-12-27 14:05 . 2009-12-27 14:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-27 14:04 . 2009-12-27 13:57 -------- d-----w- c:\program files\Microsoft
2009-12-27 14:03 . 2009-12-27 14:03 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-27 13:58 . 2009-12-27 13:58 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-27 10:33 . 2009-12-27 10:33 -------- d-----w- c:\users\Richard Abare\AppData\Roaming\Amazon
2009-12-22 15:15 . 2009-12-22 15:15 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-20 15:53 . 2009-12-20 15:53 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-12-14 18:41 . 2009-12-14 18:41 2353992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-07 18:34 . 2009-12-07 18:34 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-07 18:34 . 2009-12-07 18:34 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-12-07 18:34 . 2009-12-07 18:34 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-07 18:34 . 2009-12-07 18:34 168800 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-07 18:34 . 2009-12-07 18:34 349008 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-07 18:34 . 2009-12-07 18:34 17632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-12-07 18:34 . 2009-12-07 18:34 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-07 18:34 . 2009-12-07 18:34 84320 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-07 18:32 . 2009-12-07 18:32 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-07 18:32 . 2009-12-07 18:32 246640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-07 18:32 . 2009-12-07 18:32 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-07 18:31 . 2009-12-07 18:31 68640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-12-07 18:31 . 2009-12-07 18:31 303976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-12-07 18:31 . 2009-12-14 18:42 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-07 18:31 . 2009-12-07 18:31 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-12-07 18:31 . 2009-12-07 18:31 85352 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-12-07 18:31 . 2009-12-07 18:31 664936 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-07 18:31 . 2009-12-07 18:31 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-07 18:29 . 2009-12-07 18:29 562552 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-07 18:29 . 2009-12-07 18:29 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-07 18:28 . 2009-12-07 18:28 640760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-12-07 18:28 . 2009-12-07 18:28 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-07 18:25 . 2009-12-07 18:25 1028432 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-05 13:42 . 2009-12-05 13:42 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2558.tmp.exe
2009-12-03 19:14 . 2009-08-11 21:09 119680 ----a-w- c:\users\Veda\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-03 14:27 . 2009-12-03 14:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-12-03 14:27 . 2009-07-22 15:24 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-12-01 23:30 . 2009-08-10 11:43 119680 ----a-w- c:\users\Cindy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-01 16:02 . 2009-12-01 16:02 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-01 16:02 . 2009-12-01 16:02 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-01 16:02 . 2009-12-01 16:02 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-01 16:02 . 2009-12-01 16:02 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-01 16:02 . 2009-12-01 16:02 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-01 16:02 . 2009-12-01 16:02 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-01 16:02 . 2009-12-01 16:02 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-12-01 16:02 . 2009-12-01 16:02 49152 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-12-01 16:02 . 2009-12-01 16:02 49152 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-12-01 16:02 . 2009-12-01 16:02 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\DesktopMgr.exe
2009-12-01 16:02 . 2009-12-01 16:02 49152 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-11-26 15:28 . 2009-11-26 15:28 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-17 13:13 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-12 18:59 . 2009-11-12 18:59 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{1BD05B04-7A33-409A-A714-613163E41935}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-12 18:59 . 2009-11-12 18:59 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{1BD05B04-7A33-409A-A714-613163E41935}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-12 18:59 . 2009-11-12 18:59 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{1BD05B04-7A33-409A-A714-613163E41935}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-12 18:59 . 2009-11-12 18:59 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{1BD05B04-7A33-409A-A714-613163E41935}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-12 18:59 . 2009-11-12 18:59 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{1BD05B04-7A33-409A-A714-613163E41935}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-12 18:59 . 2009-11-12 18:59 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{1BD05B04-7A33-409A-A714-613163E41935}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-12 18:59 . 2009-11-12 18:59 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{1BD05B04-7A33-409A-A714-613163E41935}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-11-12 18:59 . 2009-11-12 18:59 69632 ----a-r- c:\users\Richard Abare\AppData\Roaming\Microsoft\Installer\{1BD05B04-7A33-409A-A714-613163E41935}\DesktopMgr.exe
2009-11-09 22:28 . 2009-10-24 17:58 680 ----a-w- c:\users\Veda\AppData\Local\d3d9caps.dat
2009-11-09 12:31 . 2009-12-11 18:33 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-11 18:33 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-11 18:33 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-08-03 04:30 . 2009-08-03 04:30 15 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-08-03 04:30 . 2009-08-03 04:30 6 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-20 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-14 98304]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-07 520024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-25 988512]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

c:\users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-10 984352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3b,70,56,c5,30,3a,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [12/14/2009 1:42 PM 64160]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [8/3/2009 2:11 AM 20384]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [8/13/2009 9:15 PM 172032]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/31/2010 6:34 PM 108289]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [4/17/2008 2:19 AM 40960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1028432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/17/2008 4:37 PM 149352]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [5/5/2008 1:06 PM 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [4/24/2008 8:35 PM 73728]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 12:31 PM 41008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 12:19 PM 135664]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [1/11/2008 11:32 PM 23888]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 9:23 PM 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [12/27/2009 9:08 AM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [8/3/2009 2:11 AM 954368]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:29]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 17:18]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 17:18]

2010-02-05 c:\windows\Tasks\User_Feed_Synchronization-{6F6388E8-E3A2-4FA3-BBA6-F552F9A58020}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]

2010-02-05 c:\windows\Tasks\User_Feed_Synchronization-{830FAA70-CE2D-4248-8F80-6AFD8F5C3873}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Richard Abare\AppData\Roaming\Mozilla\Firefox\Profiles\3iipee3r.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-05 16:37
Windows 6.0.6002 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe?Fast Browser Search\?.*???????????????????????????????????????????

scanning hȋdden files ...


c:\users\RICHAR~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hȋdden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-05 16:40:14
ComboFix-quarantined-files.txt 2010-02-05 21:40

Pre-Run: 122,384,326,656 bytes free
Post-Run: 123,387,977,728 bytes free

- - End Of File - - 8A1B9778618E78E01639E0BF06039AFD

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 5th February 2010, 10:23 pm

Hello.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    c:\program files\SGPSA

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FBSSA"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 5th February 2010, 11:02 pm

========== FILES ==========
File/Folder c:\program files\SGPSA not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FBSSA not found.

OTM by OldTimer - Version 3.1.8.0 log created on 02052010_180117

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 5th February 2010, 11:19 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 5th February 2010, 11:47 pm

When I clicked on the link for these response I got the pop up warning again the windows could not find this website, although it did open?
Just not sure whats up..

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 6th February 2010, 12:14 am

What browser are you using?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 6th February 2010, 12:32 am

I use firefox..
I use windows mail for email..

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 6th February 2010, 12:36 am

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Let me know if you still get them errors.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 6th February 2010, 1:46 am

Everything appears OK..
Thanks alot....

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 6th February 2010, 2:20 pm

Pop ups are still happening...Damn!

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 6th February 2010, 7:21 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 7th February 2010, 12:34 am

Wont work at all because windows keeps blocking it, even in safe mode.

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 7th February 2010, 1:17 am

Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from [You must be registered and logged in to see this link.].
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.


  • Select ALL of the checkboxes and then click OK and it will start scanning your system.

  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 7th February 2010, 3:03 pm

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/07 09:16
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: axkdrkow.sys
Image Path: C:\Users\RICHAR~1\AppData\Local\Temp\axkdrkow.sys
Address: 0x9CD64000 Size: 93056 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8EAE7000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x8EAF2000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9CD87000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{082b8195-0b75-11df-aa9b-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1fc77291-0aa8-11df-9a77-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e1b2df42-1360-11df-9e75-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{eb117eef-043d-11df-853b-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3bca4111-0e8d-11df-bceb-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3bca4115-0e8d-11df-bceb-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{45ee005d-0eca-11df-9fe2-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{82191230-0887-11df-b0fc-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8303ec1a-0f29-11df-a950-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8303ec56-0f29-11df-a950-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8303ec93-0f29-11df-a950-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8303ed07-0f29-11df-a950-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{833696e5-11a6-11df-9f4d-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ae34e845-0c5b-11df-bb35-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4c07f35f-11da-11df-859f-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{703a9c24-0ec4-11df-8061-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{703a9c35-0ec4-11df-8061-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7ded2c20-045e-11df-bd3a-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7ded2c70-045e-11df-bd3a-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7ded2e88-045e-11df-bd3a-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{821911d8-0887-11df-b0fc-001e339ff073}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for SqlServer\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.nȯne.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\f8209ee440679adcdab198fe5262dd5ff95c1d654f488816d0f33c8a45d5e8d8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\3582cf91bea0e0e7b5f4b8a168a2e4bf248a01f764aa3c5d7c4f352ebc681e9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\6404bc9cb3e4e1c5b38e2b30c572adc4cfa78ac96aea8997b1e713f62b18ca50.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\5effcbd6bfe308cd94c31922a126a132ef26282a495f9fc0963000a8e158d866.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\70f19edeeb8e3329aad18f744094ea0319d2ecc78dd6a12559a1e765c42418f7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_code_b03f5f7f11d50a3a_6.0.6001.18111_none_7cb73347b98b718a\APPLIC~1.CS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6001.18111_none_fbec0de7b7901200\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_res_res_b03f5f7f11d50a3a_6.0.6001.18111_none_fbec0de7b7901200\GLOBAL~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.16720_none_04c87b54ba4ac535\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.20883_none_ee0091f8d3ed0a28\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.18111_none_04a3600aba9cd1d6\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.22230_none_edd7d0a6d4424ae9\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\NAVIGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WED669~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\NAVIGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WED669~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\NAVIGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WEBADM~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WEBADM~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WEBADM~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WEBADM~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WED669~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\NAVIGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WEBADM~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WEBADM~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WEBADM~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WEBADM~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf\WED669~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.16720_none_62b207ce0c996d96\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.20883_none_4bea1e72263bb289\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.18111_none_628cec840ceb7a37\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.22230_none_4bc15d202690f34a\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.16720_none_c39efe8a3f927437\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.20883_none_acd7152e5934b92a\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.18111_none_c379e3403fe480d8\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.22230_none_acae53dc5989f9eb\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.16720_none_9b01a5fdd9371aff\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.20883_none_9b4d641ef282ae74\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.18111_none_9cf3b4d9d654a956\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.22230_none_9d66b182ef8367ab\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1324 Status: Locked to the Windows API!

SSDT
-------------------
#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "" at address 0x8693e7e0

#: 078 Function Name: NtCreateThread
Status: Hooked by "" at address 0x98d19dac

#: 194 Function Name: NtOpenProcess
Status: Hooked by "" at address 0x98d19d98

#: 201 Function Name: NtOpenThread
Status: Hooked by "" at address 0x98d19d9d

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0x98d19da7

==EOF==

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 8th February 2010, 12:00 am

Hello.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Drivers to delete:
axkdrkow.sys

Files to delete:
C:\Users\RICHAR~1\AppData\Local\Temp\axkdrkow.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 8th February 2010, 12:35 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\axkdrkow.sys" not found!
Deletion of driver "axkdrkow.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Users\RICHAR~1\AppData\Local\Temp\axkdrkow.sys" not found!
Deletion of file "C:\Users\RICHAR~1\AppData\Local\Temp\axkdrkow.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 8th February 2010, 1:07 am

Still getting popups?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 8th February 2010, 1:18 am

Yep, I again click on your rely link from my mail and got the popup..
I was wondering would it have something to do w/ windows mail?

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 8th February 2010, 8:20 pm

What kind of popups are they? or popunders?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 9th February 2010, 3:43 pm

It is a seperate warning box that says windows is unable to find the website of the link I click.
But this only happens the 1st time I click the link.
If Iclick it a second time I do not get the warning....

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 9th February 2010, 6:54 pm

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 10th February 2010, 2:53 pm

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows [Version 6.0.6002]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))



Windows IP Configuration

Host Name . . . . . . . . . . . . : RichardAbare-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nycap.rr.com

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-9F-F0-73
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : nycap.rr.com
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-24-D2-0E-48-B7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b153:b2a:536a:2398%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, February 09, 2010 9:40:05 AM
Lease Expires . . . . . . . . . . : Thursday, February 11, 2010 9:15:49 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 285222098
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-08-3D-69-00-1E-33-9F-F0-73
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5AB35A41-0025-4712-B9AE-F59D907E6B96}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.nycap.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e50:c92:32c8:3f57:fe9b(Preferred)
Link-local IPv6 Address . . . . . : fe80::c92:32c8:3f57:fe9b%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful
The requested operation requires elevation.


(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [209.131.36.159] with 32 bytes of data:
Reply from 209.131.36.159: bytes=32 time=89ms TTL=51
Reply from 209.131.36.159: bytes=32 time=92ms TTL=51
Reply from 209.131.36.159: bytes=32 time=88ms TTL=51
Reply from 209.131.36.159: bytes=32 time=88ms TTL=51

Ping statistics for 209.131.36.159:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 88ms, Maximum = 92ms, Average = 89ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:
Reply from 64.202.189.170: bytes=32 time=91ms TTL=110
Reply from 64.202.189.170: bytes=32 time=91ms TTL=110
Reply from 64.202.189.170: bytes=32 time=91ms TTL=110
Reply from 64.202.189.170: bytes=32 time=91ms TTL=110

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 91ms, Maximum = 91ms, Average = 91ms

Pinging facebook.com [69.63.187.17] with 32 bytes of data:
Reply from 69.63.187.17: bytes=32 time=21ms TTL=237
Reply from 69.63.187.17: bytes=32 time=21ms TTL=237
Reply from 69.63.187.17: bytes=32 time=22ms TTL=237
Reply from 69.63.187.17: bytes=32 time=22ms TTL=237

Ping statistics for 69.63.187.17:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 22ms, Average = 21ms

Pinging microsoft.com [207.46.232.182] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.232.182:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

********************
EOF

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 10th February 2010, 6:47 pm

Hello.
Please run that again, but this time, right click, select Run as Administrator.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 11th February 2010, 3:14 pm

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows [Version 6.0.6002]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))



Windows IP Configuration

Host Name . . . . . . . . . . . . : RichardAbare-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nycap.rr.com

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-9F-F0-73
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : nycap.rr.com
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-24-D2-0E-48-B7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b153:b2a:536a:2398%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, February 11, 2010 9:54:02 AM
Lease Expires . . . . . . . . . . : Friday, February 12, 2010 9:54:03 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 285222098
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-08-3D-69-00-1E-33-9F-F0-73
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5AB35A41-0025-4712-B9AE-F59D907E6B96}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : nycap.rr.com
Description . . . . . . . . . . . : isatap.nycap.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e74:8f7:2aee:3f57:fe9b(Preferred)
Link-local IPv6 Address . . . . . : fe80::8f7:2aee:3f57:fe9b%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [209.131.36.159] with 32 bytes of data:
Reply from 209.131.36.159: bytes=32 time=89ms TTL=51
Reply from 209.131.36.159: bytes=32 time=89ms TTL=51
Reply from 209.131.36.159: bytes=32 time=89ms TTL=51
Reply from 209.131.36.159: bytes=32 time=89ms TTL=51

Ping statistics for 209.131.36.159:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 89ms, Maximum = 89ms, Average = 89ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:
Reply from 64.202.189.170: bytes=32 time=90ms TTL=110
Reply from 64.202.189.170: bytes=32 time=91ms TTL=110
Reply from 64.202.189.170: bytes=32 time=99ms TTL=110
Reply from 64.202.189.170: bytes=32 time=90ms TTL=110

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 99ms, Average = 92ms

Pinging facebook.com [69.63.187.19] with 32 bytes of data:
Reply from 69.63.187.19: bytes=32 time=48ms TTL=237
Reply from 69.63.187.19: bytes=32 time=48ms TTL=237
Reply from 69.63.187.19: bytes=32 time=47ms TTL=237
Reply from 69.63.187.19: bytes=32 time=47ms TTL=237

Ping statistics for 69.63.187.19:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 47ms, Maximum = 48ms, Average = 47ms

Pinging microsoft.com [207.46.197.32] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.197.32:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

********************
EOF

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 11th February 2010, 9:02 pm

Okay, is it any better now? still get popups?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 12th February 2010, 3:23 pm

Pop ups still...Yes

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by rabare on 22nd February 2010, 2:25 pm

Is there anything else I should try?
I still get the pop up notices?
Thanks, Rich

rabare
Novice
Novice

Posts Posts : 31
Joined Joined : 2010-01-18
OS OS : Vista
Points Points : 25611
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Pop up warning

Post by Belahzur on 22nd February 2010, 8:57 pm

Please re-run Combofix.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum