DNS Redirect Trojan?

Post by dangerfield on Mon Mar 29, 2010 12:03 am

From searching Google, it seems a zillion people have been having this problem non-stop for 3-4 years. You know the drill. You search for and/or type in a website, usually big busy sites like pandora.com, gmail.com, myspace, twitter, facebook, and you are redirected to a blank or dummy myspace or facebook page.

It seems zillions of people post zillions of HijackThis logs and get a dozen different answers, often none of which work. I am going to cross my fingers and roll the dice that this will be a success story. Rather than try to give you every serial number for every computer thingy I own, I'll post general info and then you can ask for specifics. It would be so completely lovely, nice, and swell if a wonderful kind soul would volunteer to help me =)

My house has Verizon DSL distributed via a Linksys WRT router, maybe a 120n or something from internet pictures. I use 3 computers on it. I have a Vista32 Toshiba Sat A215 laptop using wireless, a Frankenstein Vista64 gaming PC connected to the router via a network cable, and a Windows 7 Starter netbook using wireless. The netbook works fine but the first two have identical redirect behavior.

Here is the HijackThis log file, produced via the random/random scanner thingy.

Logfile of random's system information tool 1.06 (written by random/random)
Run by harrisjc at 2010-03-28 17:38:42
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 23 GB (20%) free of 113 GB
Total RAM: 2941 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:55 PM, on 3/28/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Okidata\OKI B2000 Series Status Monitor\OPSTM050.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\harrisjc\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\harrisjc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\harrisjc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Assign &hot key - C:\Program Files\Hot Keyboard Pro\IEScript.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\harrisjc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O15 - Trusted Zone: *.line6.net
O16 - DPF: ActiveGS.cab - [You must be registered and logged in to see this link.]
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) - [You must be registered and logged in to see this link.]
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: OIservice - Unknown owner - C:\Program Files\OpenIndexer 3\Service\OIserver.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Scramby Server (ScrambyServer) - RapidSolution Software AG - C:\Program Files\RapidSolution\Scramby\ScrambyServer.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9052 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1858452836-573578192-3099488731-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1858452836-573578192-3099488731-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-09-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-08 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-15 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-09-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-08 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4702208]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-06-15 448080]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-10-29 102400]
"NDSTray.exe"=NDSTray.exe []
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-09-19 144792]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2009-04-07 642856]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-08 198160]
"PAC207_Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-12 2033432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-11 39408]
"Google Update"=C:\Users\harrisjc\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-13 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-22 1862144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\harrisjc\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-13 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
C:\Program Files\Microsoft LifeCam\LifeExp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-01-15 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^harrisjc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-12-15 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-03-28 17:38:42 ----D---- C:\rsit
2010-03-27 21:13:48 ----D---- C:\Program Files\kSolo
2010-03-23 12:49:51 ----D---- C:\Program Files\Babya VST Studio
2010-03-23 12:43:25 ----D---- C:\Program Files\ashost
2010-03-23 12:36:35 ----A---- C:\Windows\rackdata5.ini
2010-03-23 12:36:30 ----D---- C:\Program Files\AirRack
2010-03-18 18:02:20 ----D---- C:\Users\harrisjc\AppData\Roaming\Screaming Bee
2010-03-18 17:58:01 ----D---- C:\Program Files\Screaming Bee
2010-03-18 17:13:30 ----D---- C:\ProgramData\RapidSolution
2010-03-18 17:09:29 ----D---- C:\Program Files\RapidSolution
2010-03-15 16:24:09 ----D---- C:\Windows\system32\hwswchecker
2010-03-15 16:24:09 ----A---- C:\Windows\system32\YSys.dll
2010-03-15 16:24:08 ----D---- C:\Program Files\GameTap Web Player
2010-03-15 16:23:47 ----D---- C:\ProgramData\GameTap Web Player
2010-03-14 12:01:01 ----D---- C:\PSP
2010-03-14 12:01:01 ----A---- C:\Windows\UNWISE.EXE
2010-03-13 15:49:39 ----D---- C:\Program Files\Free WMA to MP3 Converter
2010-03-13 03:26:10 ----D---- C:\Program Files\Downfall Demo
2010-03-12 01:38:46 ----HD---- C:\$AVG
2010-03-12 01:37:25 ----D---- C:\ProgramData\avg9
2010-03-11 04:00:40 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-11 04:00:38 ----A---- C:\Windows\system32\httpapi.dll
2010-03-02 23:59:02 ----D---- C:\Program Files\Steinberg
2010-03-02 23:59:01 ----A---- C:\Windows\GearBox.ini
2010-02-28 12:45:03 ----D---- C:\Users\harrisjc\AppData\Roaming\PACE Anti-Piracy
2010-02-27 22:36:22 ----D---- C:\Users\harrisjc\AppData\Roaming\Line 6
2010-02-27 12:12:14 ----A---- C:\Windows\unins000.exe
2010-02-26 20:17:26 ----D---- C:\Users\harrisjc\AppData\Roaming\Ableton
2010-02-26 20:14:14 ----A---- C:\Windows\system32\REX Shared Library.dll
2010-02-26 20:14:14 ----A---- C:\Windows\system32\ReWire.dll
2010-02-26 20:14:14 ----A---- C:\Windows\system32\msvcr71.dll
2010-02-26 20:13:56 ----D---- C:\Program Files\Ableton
2010-02-26 20:07:05 ----D---- C:\ProgramData\Sonoma Wire Works
2010-02-26 20:07:00 ----D---- C:\Program Files\Sonoma Wire Works
2010-02-26 17:05:50 ----D---- C:\ProgramData\Line 6
2010-02-26 17:05:47 ----D---- C:\Program Files\Line6
2010-02-24 17:41:13 ----D---- C:\Program Files\OpenIndexer 3
2010-02-24 17:24:58 ----D---- C:\Users\harrisjc\AppData\Roaming\AstroGrep
2010-02-24 13:37:49 ----D---- C:\Program Files\Windows Grep
2010-02-23 20:40:45 ----A---- C:\Windows\system32\jscript.dll
2010-02-23 20:40:36 ----A---- C:\Windows\system32\tzres.dll
2010-02-23 20:40:16 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-23 20:40:14 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-23 20:40:10 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-23 20:40:10 ----A---- C:\Windows\system32\secproc.dll
2010-02-23 20:40:10 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-23 20:40:10 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-23 20:40:07 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-23 20:40:07 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-23 20:40:07 ----A---- C:\Windows\system32\msdrm.dll
2010-02-23 11:37:16 ----A---- C:\Windows\system32\msvcsv60.dll
2010-02-23 11:35:34 ----D---- C:\Program Files\Common Files\DigiDesign
2010-02-23 11:35:32 ----D---- C:\Program Files\IK Multimedia
2010-02-23 11:35:26 ----D---- C:\ProgramData\IK Multimedia
2010-02-23 11:22:16 ----D---- C:\Program Files\db-audioware
2010-02-23 11:20:58 ----D---- C:\Program Files\ASIO4ALL v2
2010-02-23 04:38:26 ----D---- C:\ProgramData\ArcSoft
2010-02-23 04:37:30 ----D---- C:\Program Files\Common Files\ArcSoft
2010-02-23 04:37:30 ----D---- C:\Program Files\ArcSoft
2010-02-23 04:37:14 ----D---- C:\Users\harrisjc\AppData\Roaming\ArcSoft
2010-02-23 04:22:54 ----D---- C:\Windows\PixArt
2010-02-09 13:00:52 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-09 13:00:52 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-09 13:00:34 ----A---- C:\Windows\system32\quartz.dll
2010-02-09 13:00:32 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-09 13:00:32 ----A---- C:\Windows\system32\msyuv.dll
2010-02-09 13:00:32 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-09 13:00:32 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-09 13:00:32 ----A---- C:\Windows\system32\msrle32.dll
2010-02-09 13:00:32 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-09 13:00:32 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-09 13:00:32 ----A---- C:\Windows\system32\avifil32.dll
2010-02-09 13:00:32 ----A---- C:\Windows\system32\avicap32.dll
2010-01-31 22:39:16 ----D---- C:\Windows\system32\Adobe
2010-01-27 16:13:30 ----HDC---- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-27 16:13:10 ----D---- C:\ProgramData\Lavasoft
2010-01-27 16:13:10 ----D---- C:\Program Files\Lavasoft
2010-01-21 13:29:23 ----A---- C:\Windows\system32\mshtml.dll
2010-01-21 13:29:22 ----A---- C:\Windows\system32\ieframe.dll
2010-01-21 13:29:20 ----A---- C:\Windows\system32\wininet.dll
2010-01-21 13:29:20 ----A---- C:\Windows\system32\urlmon.dll
2010-01-21 13:29:20 ----A---- C:\Windows\system32\occache.dll
2010-01-21 13:29:20 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-21 13:29:20 ----A---- C:\Windows\system32\iertutil.dll
2010-01-21 13:29:19 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-21 13:29:19 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-21 13:29:19 ----A---- C:\Windows\system32\ieui.dll
2010-01-21 13:29:19 ----A---- C:\Windows\system32\iepeers.dll
2010-01-21 13:29:19 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-21 13:29:18 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-21 13:29:18 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-21 13:29:18 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-21 13:29:18 ----A---- C:\Windows\system32\iesetup.dll
2010-01-21 13:29:18 ----A---- C:\Windows\system32\iernonce.dll
2010-01-21 13:29:18 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-19 00:58:06 ----D---- C:\ProgramData\Office Genuine Advantage
2010-01-18 23:19:49 ----A---- C:\Windows\system32\mshtmled.dll
2010-01-18 23:19:49 ----A---- C:\Windows\system32\icardie.dll
2010-01-18 23:19:48 ----A---- C:\Windows\system32\mshtmler.dll
2010-01-18 23:19:48 ----A---- C:\Windows\system32\admparse.dll
2010-01-18 23:19:47 ----A---- C:\Windows\system32\msls31.dll
2010-01-18 23:19:47 ----A---- C:\Windows\system32\imgutil.dll
2010-01-18 23:19:47 ----A---- C:\Windows\system32\ieakeng.dll
2010-01-18 23:19:47 ----A---- C:\Windows\system32\dxtmsft.dll
2010-01-18 23:19:47 ----A---- C:\Windows\system32\corpol.dll
2010-01-18 23:19:46 ----A---- C:\Windows\system32\licmgr10.dll
2010-01-18 23:19:46 ----A---- C:\Windows\system32\inseng.dll
2010-01-18 23:19:46 ----A---- C:\Windows\system32\dxtrans.dll
2010-01-18 23:19:45 ----A---- C:\Windows\system32\WinFXDocObj.exe
2010-01-18 23:19:45 ----A---- C:\Windows\system32\wextract.exe
2010-01-18 23:19:45 ----A---- C:\Windows\system32\webcheck.dll
2010-01-18 23:19:45 ----A---- C:\Windows\system32\msrating.dll
2010-01-18 23:19:45 ----A---- C:\Windows\system32\ieakui.dll
2010-01-18 23:19:45 ----A---- C:\Windows\system32\ieaksie.dll
2010-01-18 23:19:44 ----A---- C:\Windows\system32\pngfilt.dll
2010-01-18 23:19:44 ----A---- C:\Windows\system32\mstime.dll
2010-01-18 23:19:44 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-18 23:19:44 ----A---- C:\Windows\system32\advpack.dll
2010-01-18 23:19:43 ----A---- C:\Windows\system32\vbscript.dll
2010-01-18 23:19:42 ----A---- C:\Windows\system32\url.dll
2010-01-18 23:19:41 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2010-01-18 23:19:41 ----A---- C:\Windows\system32\SetDepNx.exe
2010-01-18 23:19:41 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2010-01-18 23:19:41 ----A---- C:\Windows\system32\PDMSetup.exe
2010-01-18 23:19:41 ----A---- C:\Windows\system32\mshta.exe
2010-01-18 23:19:41 ----A---- C:\Windows\system32\iexpress.exe
2010-01-18 23:19:25 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-17 18:26:43 ----D---- C:\Program Files\Pure Networks
2010-01-17 18:21:02 ----D---- C:\ProgramData\webex
2010-01-17 18:16:35 ----DC---- C:\Windows\system32\DRVSTORE
2010-01-17 18:16:32 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2010-01-17 18:15:56 ----D---- C:\ProgramData\Pure Networks
2010-01-17 18:15:56 ----D---- C:\Program Files\Linksys
2010-01-15 13:11:06 ----D---- C:\Program Files\efs
2010-01-13 09:43:48 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 09:43:48 ----A---- C:\Windows\system32\fontsub.dll
2010-01-08 06:00:06 ----A---- C:\Windows\system32\rmoc3260.dll
2010-01-08 05:59:57 ----A---- C:\Windows\system32\pndx5032.dll
2010-01-08 05:59:56 ----A---- C:\Windows\system32\pndx5016.dll
2010-01-08 05:59:49 ----D---- C:\Program Files\Common Files\xing shared
2010-01-08 05:59:16 ----D---- C:\Program Files\real
2009-12-31 17:51:15 ----D---- C:\Users\harrisjc\AppData\Roaming\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
2009-12-31 17:50:49 ----D---- C:\Program Files\YNAB 3

======List of files/folders modified in the last 3 months======

2010-03-28 17:38:55 ----D---- C:\Windows\Prefetch
2010-03-28 17:38:23 ----D---- C:\Windows\Temp
2010-03-28 14:30:10 ----D---- C:\Windows\Tasks
2010-03-28 13:33:23 ----D---- C:\ProgramData\Google Updater
2010-03-28 00:08:44 ----SHD---- C:\System Volume Information
2010-03-27 21:13:48 ----RD---- C:\Program Files
2010-03-26 09:16:48 ----D---- C:\Windows\system32\Tasks
2010-03-25 20:47:53 ----D---- C:\Users\harrisjc\AppData\Roaming\Lala Music Mover
2010-03-25 09:54:36 ----AD---- C:\Windows\System32
2010-03-25 09:54:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-25 09:54:35 ----D---- C:\Windows\inf
2010-03-24 09:05:45 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-24 06:20:33 ----D---- C:\Program Files\Mozilla Firefox
2010-03-24 03:00:37 ----D---- C:\Windows\winsxs
2010-03-24 03:00:36 ----D---- C:\Program Files\Internet Explorer
2010-03-24 02:07:21 ----D---- C:\Windows\system32\catroot
2010-03-23 12:36:35 ----D---- C:\Windows
2010-03-23 04:35:06 ----D---- C:\Windows\system32\catroot2
2010-03-23 04:34:46 ----HD---- C:\ProgramData
2010-03-22 01:30:15 ----D---- C:\Windows\Minidump
2010-03-18 18:00:55 ----SHD---- C:\Windows\Installer
2010-03-18 18:00:22 ----D---- C:\Windows\system32\drivers
2010-03-18 03:44:31 ----D---- C:\Users\harrisjc\AppData\Roaming\Skype
2010-03-18 00:05:02 ----D---- C:\Users\harrisjc\AppData\Roaming\skypePM
2010-03-16 17:37:59 ----D---- C:\Program Files\Picasa2
2010-03-16 06:52:03 ----SD---- C:\Windows\Downloaded Program Files
2010-03-14 12:01:02 ----D---- C:\Windows\system
2010-03-12 01:38:08 ----A---- C:\Windows\system32\avgrsstx.dll
2010-03-12 01:37:26 ----D---- C:\Program Files\AVG
2010-03-12 01:35:23 ----SD---- C:\Users\harrisjc\AppData\Roaming\Microsoft
2010-03-11 04:22:48 ----D---- C:\Program Files\Windows Mail
2010-03-11 04:22:48 ----D---- C:\Program Files\Movie Maker
2010-03-01 23:30:12 ----A---- C:\Windows\system32\mrt.exe
2010-02-24 10:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-24 04:36:59 ----D---- C:\Windows\rescache
2010-02-24 04:17:58 ----D---- C:\Windows\system32\en-US
2010-02-24 04:17:48 ----RSD---- C:\Windows\Fonts
2010-02-23 11:35:34 ----D---- C:\Program Files\Common Files
2010-02-23 04:22:53 ----D---- C:\Windows\twain_32
2010-02-04 01:12:56 ----D---- C:\Program Files\Google
2010-01-27 10:24:21 ----D---- C:\Users\harrisjc\AppData\Roaming\Real
2010-01-22 04:16:47 ----D---- C:\Windows\system32\migration
2010-01-19 00:52:38 ----D---- C:\Windows\PolicyDefinitions
2010-01-18 23:13:44 ----D---- C:\Windows\system32\zh-TW
2010-01-18 23:13:44 ----D---- C:\Windows\system32\zh-HK
2010-01-18 23:13:44 ----D---- C:\Windows\system32\tr-TR
2010-01-18 23:13:44 ----D---- C:\Windows\system32\sv-SE
2010-01-18 23:13:44 ----D---- C:\Windows\system32\pt-BR
2010-01-18 23:13:44 ----D---- C:\Windows\system32\nl-NL
2010-01-18 23:13:44 ----D---- C:\Windows\system32\nb-NO
2010-01-18 23:13:44 ----D---- C:\Windows\system32\ko-KR
2010-01-18 23:13:44 ----D---- C:\Windows\system32\it-IT
2010-01-18 23:13:44 ----D---- C:\Windows\system32\he-IL
2010-01-18 23:13:44 ----D---- C:\Windows\system32\fr-FR
2010-01-18 23:13:44 ----D---- C:\Windows\system32\fi-FI
2010-01-18 23:13:44 ----D---- C:\Windows\system32\es-ES
2010-01-18 23:13:44 ----D---- C:\Windows\system32\el-GR
2010-01-18 23:13:44 ----D---- C:\Windows\system32\de-DE
2010-01-18 23:13:44 ----D---- C:\Windows\system32\da-DK
2010-01-18 23:13:44 ----D---- C:\Windows\system32\ar-SA
2010-01-18 01:02:13 ----SD---- C:\ProgramData\Microsoft
2010-01-08 13:24:10 ----D---- C:\Windows\system32\RTCOM
2010-01-08 13:19:31 ----A---- C:\Windows\DIFxAPI.dll
2010-01-08 06:00:54 ----D---- C:\ProgramData\Real
2010-01-08 06:00:09 ----D---- C:\Program Files\Common Files\Real
2010-01-08 05:59:19 ----A---- C:\Windows\system32\pncrt.dll
2010-01-07 21:03:50 ----D---- C:\Users\harrisjc\AppData\Roaming\TOSHIBA
2010-01-02 15:27:16 ----D---- C:\Users\harrisjc\AppData\Roaming\SecondLife
2009-12-31 17:48:12 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-12-31 15:46:41 ----D---- C:\Program Files\MP3MyMP3 3.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-03-12 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-03-12 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-03-12 360584]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2009-04-07 24880]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2009-04-07 26416]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 X4HSX32;X4HSX32; \??\C:\Program Files\GameTap Web Player\bin\Release\X4HSX32.Sys [2009-12-21 24576]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-09-29 4450816]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-12-20 234016]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
R3 scramby;Scramby Microphone; C:\Windows\system32\drivers\scramby.sys [2007-02-13 25896]
R3 scramby_out;Scramby Output; C:\Windows\system32\drivers\scramby_out.sys [2007-08-08 23840]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IO_Memory;IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys []
S3 L6UX1;Service - Line 6 UX1; C:\Windows\System32\Drivers\L6UX1.sys [2009-07-07 532992]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver; C:\Windows\System32\Drivers\nx6000.sys [2009-03-17 30560]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 PAC207;PC Camer@; C:\Windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ; C:\Windows\system32\DRIVERS\PTDMBus.sys [2007-08-17 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ; C:\Windows\system32\DRIVERS\PTDMMdm.sys [2007-08-17 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ; C:\Windows\system32\DRIVERS\PTDMVsp.sys [2007-08-17 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver; C:\Windows\system32\DRIVERS\PTDMWWAN.sys [2007-08-17 59520]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
S3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2009-09-11 35592]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2006-11-09 219264]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2006-11-09 211072]
S4 KR3NPXP;KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [2007-01-03 479488]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-09-29 733184]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-12 906520]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-12 285392]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2009-04-07 642856]
R2 pinger;pinger; C:\Toshiba\IVP\ISM\pinger.exe [2007-01-25 136816]
R2 ScrambyServer;Scramby Server; C:\Program Files\RapidSolution\Scramby\ScrambyServer.exe [2008-02-15 675840]
R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2007-01-25 63096]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-08-01 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2007-03-29 427576]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-27 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 GameConsoleService;GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2009-08-27 238328]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-22 1862144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 OIservice;OIservice; C:\Program Files\OpenIndexer 3\Service\OIserver.exe [2009-11-10 3283456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2009-11-27 69120]

-----------------EOF-----------------

dangerfield
Novice

Posts : 7
Joined : 2010-03-28
OS : Vista 32
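The driver and service lists above follow one fixed RSIT line shape, `R1 name;description; path [date size]`, with the legend printed at the top of each list (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled). Reading a few hundred of these by eye is error-prone, so here is a small parser and triage pass for that format. It is an added example for this thread, not code from RSIT, HijackThis or the posters; the sample lines are copied from the log above, and the flagging rules (an empty `[]` date/size field, a binary outside the Windows and Program Files trees, a `.sys` driver loaded from outside the Windows tree) are ordinary review heuristics chosen for the example, not anything the tool itself reports.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the RSIT driver/service list in the
# post above, chosen to cover the shapes the parser must handle (the \??\
# path prefix, a description with a trailing space, empty "[]" file details).
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-03-12 333192]
R2 X4HSX32;X4HSX32; \??\C:\Program Files\GameTap Web Player\bin\Release\X4HSX32.Sys [2009-12-21 24576]
S3 IO_Memory;IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys []
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ; C:\Windows\system32\DRIVERS\PTDMBus.sys [2007-08-17 29952]
R2 pinger;pinger; C:\Toshiba\IVP\ISM\pinger.exe [2007-01-25 136816]
S4 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2009-11-27 69120]
"""

# Legend printed at the top of each RSIT list:
# R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)


@dataclass
class Entry:
    name: str
    desc: str
    state: str
    start: str
    path: str
    file_date: Optional[str]  # None when the log shows "[]"
    file_size: Optional[int]


def parse_entries(text: str) -> List[Entry]:
    """Parse RSIT 'List of drivers' / 'List of services' lines into Entry records."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, section headers, the EOF marker
        path = m.group("path")
        if path.startswith("\\??\\"):  # NT object-manager prefix some drivers are registered with
            path = path[4:]
        info = m.group("info").split()
        entries.append(Entry(
            name=m.group("name").strip(),
            desc=m.group("desc").strip(),
            state=STATE[m.group("state")],
            start=START[m.group("start")],
            path=path,
            file_date=info[0] if info else None,
            file_size=int(info[1]) if len(info) > 1 else None,
        ))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {entry name: [reasons]} for entries a reviewer should look at first.

    These are generic review heuristics chosen for this example, not RSIT output:
    they flag what is unusual, not what is malicious, and every hit still needs
    a manual look (the GameTap driver below is a legitimate example of a hit).
    """
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        p = e.path.lower()
        in_windows = p.startswith("c:\\windows\\")
        in_progfiles = p.startswith("c:\\program files\\")
        if e.file_date is None:
            reasons.append("no file date/size recorded ('[]'): confirm the file exists and what installed it")
        if not (in_windows or in_progfiles):
            reasons.append("binary outside the Windows and Program Files trees")
        if p.endswith(".sys") and not in_windows:
            reasons.append("kernel driver loaded from outside the Windows tree")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_entries(SAMPLE_LOG)).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run against the full log rather than the sample, the same pass gives a short list to check first instead of several hundred lines to read; the point of the empty `[]` rule in particular is that the tool recorded no date or size for the file, which is a pointer to something worth confirming on disk, not evidence on its own.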

Re: DNS Redirect Trojan?

Post by Belahzur on Mon Mar 29, 2010 12:24 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: DNS Redirect Trojan?

Post by dangerfield on Mon Mar 29, 2010 12:33 am

OTL logfile created on: 3/28/2010 6:27:03 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\harrisjc\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 21.58 Gb Free Space | 19.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOPUSMAXIMUS
Current User Name: harrisjc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/28 18:26:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\harrisjc\Desktop\OTL.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/12 01:38:01 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/12 01:38:00 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/12 01:38:00 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/12 01:38:00 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 01:37:53 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/12 01:37:41 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/12 01:37:38 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/04 10:17:21 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/27 16:14:13 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/08 05:59:15 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/07 16:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/04/07 16:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/11 16:28:10 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 10:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/06/10 05:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/02/15 13:08:56 | 000,675,840 | ---- | M] (RapidSolution Software AG) -- C:\Program Files\RapidSolution\Scramby\ScrambyServer.exe
PRC - [2007/12/10 20:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2007/10/29 07:02:38 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/09 20:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/08/01 15:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/07/20 21:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/06/19 16:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/06/15 22:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/04/25 11:41:34 | 000,341,512 | ---- | M] (Oki Data Corporation) -- C:\Program Files\Okidata\OKI B2000 Series Status Monitor\OPSTM050.EXE
PRC - [2007/04/13 10:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/03/29 11:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 11:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007/01/25 18:50:26 | 000,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/28 18:26:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\harrisjc\Desktop\OTL.exe
MOD - [2010/03/12 01:38:08 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/19 01:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/12 01:37:41 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/12 01:37:38 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/04 10:17:21 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/27 15:42:45 | 000,069,120 | ---- | M] (BOONTY) [Disabled | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2009/11/10 11:38:38 | 003,283,456 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenIndexer 3\Service\OIserver.exe -- (OIservice)
SRV - [2009/08/27 12:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/07 16:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/02/15 13:08:56 | 000,675,840 | ---- | M] (RapidSolution Software AG) [Auto | Running] -- C:\Program Files\RapidSolution\Scramby\ScrambyServer.exe -- (ScrambyServer)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/22 14:03:19 | 001,862,144 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/08/01 15:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/04/13 10:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/03/29 11:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/01/25 18:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/03/12 01:38:26 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/12 01:38:26 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 01:38:07 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/12/21 17:32:14 | 000,024,576 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\GameTap Web Player\bin\release\X4HSX32.sys -- (X4HSX32)
DRV - [2009/12/20 11:53:32 | 000,234,016 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/12/02 07:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/09/29 22:19:20 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/07/07 16:00:36 | 000,532,992 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L6UX1.sys -- (L6UX1)
DRV - [2009/06/10 06:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/04/07 16:33:08 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/04/07 16:33:08 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/03/17 12:24:06 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/02/13 18:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2008/01/18 23:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/11/02 15:36:10 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/10/10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/08/17 19:56:46 | 000,059,520 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMWWAN.sys -- (PTDMWWAN)
DRV - [2007/08/17 19:56:40 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMVsp.sys -- (PTDMVsp)
DRV - [2007/08/17 19:56:38 | 000,041,856 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMMdm.sys -- (PTDMMdm)
DRV - [2007/08/17 19:56:34 | 000,029,952 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDMBus.sys -- (PTDMBus)
DRV - [2007/08/10 14:49:16 | 001,941,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/08 08:31:16 | 000,023,840 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\scramby_out.sys -- (scramby_out)
DRV - [2007/08/01 15:37:20 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/13 17:41:26 | 000,025,896 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\scramby.sys -- (scramby)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/22 19:33:00 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2007/01/03 02:43:19 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 00:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 16:32:28 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 16:31:46 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 03:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 03:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/30 12:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/10/23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?hl=en&shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.3.0.57
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57
FF - prefs.js..extensions.enabledItems: {7CEA821D-3DAB-4238-B424-BF7324531750}:0.4.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/12 01:37:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/24 06:20:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/28 18:10:08 | 000,000,000 | ---D | M]

[2008/08/26 10:06:08 | 000,000,000 | ---D | M] -- C:\Users\harrisjc\AppData\Roaming\Mozilla\Extensions
[2010/03/27 21:24:40 | 000,000,000 | ---D | M] -- C:\Users\harrisjc\AppData\Roaming\Mozilla\Firefox\Profiles\bzh7c7u3.default\extensions
[2009/06/25 12:14:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\harrisjc\AppData\Roaming\Mozilla\Firefox\Profiles\bzh7c7u3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/18 11:47:49 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\harrisjc\AppData\Roaming\Mozilla\Firefox\Profiles\bzh7c7u3.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/03/20 11:19:41 | 000,000,000 | ---D | M] (Noscript) -- C:\Users\harrisjc\AppData\Roaming\Mozilla\Firefox\Profiles\bzh7c7u3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/03/23 05:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\harrisjc\AppData\Roaming\Mozilla\Firefox\Profiles\bzh7c7u3.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
[2010/03/15 16:23:31 | 000,000,000 | ---D | M] -- C:\Users\harrisjc\AppData\Roaming\Mozilla\Firefox\Profiles\bzh7c7u3.default\extensions\GameTapPlayer@gametap.com
[2008/02/12 10:36:32 | 000,002,386 | ---- | M] () -- C:\Users\harrisjc\AppData\Roaming\Mozilla\Firefox\Profiles\bzh7c7u3.default\searchplugins\siteadvisor.xml
[2010/03/28 18:10:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/15 20:45:56 | 000,416,584 | ---- | M] (Lala Media) -- C:\Program Files\Mozilla Firefox\plugins\nplalaDl.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\harrisjc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} [You must be registered and logged in to see this link.] (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: ActiveGS.cab [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.2.1
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\harrisjc\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\harrisjc\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/28 18:26:22 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\harrisjc\Desktop\OTL.exe
[2010/03/28 18:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/28 18:10:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/28 18:10:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/28 18:10:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/28 18:05:20 | 000,923,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\harrisjc\Desktop\jxpiinstall.exe
[2010/03/28 17:38:42 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/27 21:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\kSolo
[2010/03/23 12:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Babya VST Studio
[2010/03/23 12:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\ashost
[2010/03/23 12:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\AirRack
[2010/03/18 18:02:20 | 000,000,000 | ---D | C] -- C:\Users\harrisjc\AppData\Roaming\Screaming Bee
[2010/03/18 17:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\Screaming Bee
[2010/03/18 17:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2010/03/18 17:09:29 | 000,000,000 | ---D | C] -- C:\Users\harrisjc\AppData\Local\Scramby Recordings
[2010/03/18 17:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\RapidSolution
[2010/03/15 16:25:02 | 000,000,000 | ---D | C] -- C:\Users\harrisjc\AppData\Local\Yummy
[2010/03/15 16:24:09 | 000,291,696 | ---- | C] (Yummy Interactive, Inc.) -- C:\Windows\System32\YSys.dll
[2010/03/15 16:24:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\hwswchecker
[2010/03/15 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\GameTap Web Player
[2010/03/15 16:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\GameTap Web Player
[2010/03/14 20:57:30 | 000,000,000 | ---D | C] -- C:\Users\harrisjc\Desktop\STM Degree
[2010/03/14 12:01:01 | 000,000,000 | ---D | C] -- C:\PSP
[2010/03/14 11:57:43 | 000,019,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\CTL3D.DLL
[2010/03/13 15:49:39 | 000,000,000 | ---D | C] -- C:\Program Files\Free WMA to MP3 Converter
[2010/03/13 03:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Downfall Demo
[2010/03/12 01:38:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/12 01:38:07 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/12 01:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/03/11 04:00:40 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/11 04:00:38 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/02 23:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010/02/28 12:45:03 | 000,000,000 | ---D | C] -- C:\Users\harrisjc\AppData\Roaming\PACE Anti-Piracy
[2010/02/28 12:45:03 | 000,000,000 | ---D | C] -- C:\Users\harrisjc\AppData\Local\PACE Anti-Piracy
[2010/02/27 22:36:22 | 000,000,000 | ---D | C] -- C:\Users\harrisjc\AppData\Roaming\Line 6
[2010/02/26 20:17:26 | 000,000,000 | ---D | C] -- C:\Users\harrisjc\Documents\Ableton
[2010/02/26 20:17:26 | 000,000,000 | ---D | C] -- C:\Users\harrisjc\AppData\Roaming\Ableton
[2010/02/26 20:14:14 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll
[2010/02/26 20:14:14 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010/02/26 20:14:14 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\REX Shared Library.dll
[2010/02/26 20:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ableton
[2010/02/26 20:07:09 | 000,000,000 | ---D | C] -- C:\Users\harrisjc\Documents\Sonoma Wire Works
[2010/02/26 20:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonoma Wire Works
[2010/02/26 20:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sonoma Wire Works
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/28 18:27:04 | 004,718,592 | -HS- | M] () -- C:\Users\harrisjc\ntuser.dat
[2010/03/28 18:26:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\harrisjc\Desktop\OTL.exe
[2010/03/28 18:16:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/28 18:16:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/28 18:09:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/28 18:09:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/28 18:09:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/28 18:09:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/28 18:05:26 | 000,923,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\harrisjc\Desktop\jxpiinstall.exe
[2010/03/28 18:05:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1858452836-573578192-3099488731-1000UA.job
[2010/03/28 17:47:49 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 17:47:49 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 17:37:41 | 000,781,909 | ---- | M] () -- C:\Users\harrisjc\Desktop\RSIT.exe
[2010/03/28 14:30:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/28 07:49:27 | 000,023,436 | ---- | M] () -- C:\Users\harrisjc\Desktop\sermon march 28 2010.odt
[2010/03/28 05:57:41 | 058,110,411 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/27 23:05:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1858452836-573578192-3099488731-1000Core.job
[2010/03/27 21:13:30 | 001,185,512 | ---- | M] () -- C:\Users\harrisjc\Desktop\kSolo_Install1_2_1_41FF.exe
[2010/03/27 19:33:21 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/03/27 19:31:49 | 000,524,288 | -HS- | M] () -- C:\Users\harrisjc\ntuser.dat{3d905713-7649-11dd-990e-0016448bbd8e}.TMContainer00000000000000000001.regtrans-ms
[2010/03/27 19:31:49 | 000,065,536 | -HS- | M] () -- C:\Users\harrisjc\ntuser.dat{3d905713-7649-11dd-990e-0016448bbd8e}.TM.blf
[2010/03/27 19:31:28 | 002,987,633 | -H-- | M] () -- C:\Users\harrisjc\AppData\Local\IconCache.db
[2010/03/27 15:44:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/25 09:54:36 | 000,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/25 09:54:36 | 000,604,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/25 09:54:36 | 000,105,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/25 09:48:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/23 13:00:33 | 000,002,845 | ---- | M] () -- C:\Windows\rackdata5.ini
[2010/03/22 01:30:08 | 247,388,999 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/14 11:57:43 | 000,019,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System\CTL3D.DLL
[2010/03/12 01:38:26 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/12 01:38:26 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/12 01:38:20 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/03/12 01:38:08 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/12 01:38:07 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/12 01:38:07 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/03/02 23:59:01 | 000,000,032 | ---- | M] () -- C:\Windows\GearBox.ini
[2010/02/27 12:12:15 | 000,005,670 | ---- | M] () -- C:\Windows\unins000.dat
[2010/02/27 12:09:49 | 000,695,642 | ---- | M] () -- C:\Windows\unins000.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/28 17:37:38 | 000,781,909 | ---- | C] () -- C:\Users\harrisjc\Desktop\RSIT.exe
[2010/03/28 07:10:11 | 000,023,436 | ---- | C] () -- C:\Users\harrisjc\Desktop\sermon march 28 2010.odt
[2010/03/27 21:13:25 | 001,185,512 | ---- | C] () -- C:\Users\harrisjc\Desktop\kSolo_Install1_2_1_41FF.exe
[2010/03/23 12:36:35 | 000,002,845 | ---- | C] () -- C:\Windows\rackdata5.ini
[2010/03/14 12:01:01 | 000,030,048 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2010/03/02 23:59:01 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2010/02/27 12:12:14 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2010/02/27 12:12:14 | 000,005,670 | ---- | C] () -- C:\Windows\unins000.dat
[2010/02/23 11:37:16 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010/01/17 18:19:43 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/12/03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/25 11:56:56 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/11/19 23:20:05 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/28 16:13:39 | 000,000,680 | ---- | C] () -- C:\Users\harrisjc\AppData\Local\d3d9caps.dat
[2008/05/05 15:18:55 | 000,026,340 | ---- | C] () -- C:\Users\harrisjc\AppData\Roaming\UserTile.png
[2008/04/22 06:50:11 | 000,000,096 | ---- | C] () -- C:\Users\harrisjc\AppData\Local\fusioncache.dat
[2008/04/20 13:51:55 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2008/01/12 22:43:01 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/01/12 21:48:27 | 000,001,356 | ---- | C] () -- C:\Users\harrisjc\AppData\Roaming\wklnhst.dat
[2008/01/12 16:17:22 | 000,036,864 | ---- | C] () -- C:\Users\harrisjc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/26 00:02:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2007/08/22 14:33:11 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/22 14:18:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/22 14:18:54 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/22 14:18:54 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/22 14:18:54 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/22 14:18:54 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/22 14:18:54 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/22 13:49:10 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/08/22 13:49:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/08/22 13:49:10 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/08/22 13:49:10 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/08/22 13:45:08 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/07/28 00:26:30 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
< End of report >

dangerfield
Novice

Posts : 7
Joined : 2010-03-28
OS : Vista 32

Re: DNS Redirect Trojan?

Post by dangerfield on Mon Mar 29, 2010 12:33 am

OTL Extras logfile created on: 3/28/2010 6:27:03 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\harrisjc\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 21.58 Gb Free Space | 19.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOPUSMAXIMUS
Current User Name: harrisjc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C6D015-F88B-46D0-909C-A34687C62F48}" = rport=137 | protocol=17 | dir=out | app=system |
"{05F36A78-F88A-4E57-A9BF-6449FB6263E3}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F00E665-C2C4-4723-845C-AF15C212CF08}" = lport=138 | protocol=17 | dir=in | app=system |
"{3E026C1E-1D20-42C3-BFFD-8D7D5B8E30F9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{55E6C018-82FE-4841-ADFC-D3A6452F4444}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{584CA213-7E5B-4E90-85A8-09F56DAFB04B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{87D2ACD1-E557-4DF3-B931-B9790FD9F2EC}" = rport=445 | protocol=6 | dir=out | app=system |
"{B86C3039-4D51-4CE6-BD5C-E2FE6496A15C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{DCF6E67D-D0D8-455A-9662-305438EFDDD4}" = rport=139 | protocol=6 | dir=out | app=system |
"{EDE06DD1-1E6E-49B1-9C81-951ABA37891B}" = rport=138 | protocol=17 | dir=out | app=system |
"{EF9935E0-F54D-49C5-BBEA-AD4EF6858DC9}" = lport=139 | protocol=6 | dir=in | app=system |
"{EFBD2FFF-63B2-48C0-8304-74BB6B0869EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{F312507E-5297-43AF-A98A-9E036B984E61}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022E3DFC-AA77-47DB-AAC3-B7C0DE25179F}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{08755970-A6FB-4F89-B2F3-9EA0FD11ED3F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{0DE11528-2140-4454-A8CD-71ED2C640404}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0F5DF929-99D0-47F9-A0DC-E8025A80205A}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{136A45AA-4B61-4D0F-8A33-FDF20629E747}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{193BDB2B-BC12-4257-B05D-1B2B8F49C80E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1A6F8095-C135-4447-B66A-464B6BA13661}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{1AF46A98-6A78-4B22-AB6F-423062EAB639}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1BDE2DFE-9ED7-4ABB-8CBF-0A7E9F3F056D}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{1CD0AEB5-2353-42ED-BFEB-914913D7861E}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{25923AB2-6EF0-4D96-AF32-EA26C0925CF2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2812CAE7-8FC2-48AC-831D-75EED44F2DD1}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{2985C1F3-A0B0-45DB-ADC2-9A9AEF9EBA09}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{2E620C46-7332-4325-89D0-F255AB543221}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{2EEC6EE9-9603-49FA-9C4F-2A9D65D50324}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{3A59F030-7E85-42B1-AE16-691472690191}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{3B93D685-1F7E-4FD0-BB01-8BAF8E903DD4}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{3C95648D-BF95-4BBE-A164-4EBBDE96A3D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A3A270E-8CD6-4891-9405-FD96E79EDFFC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4D15E454-AF55-4E30-865E-7716C82227DC}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{4D87AA90-9A8F-4735-B169-70B9D1E8F2D9}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{4E021791-65ED-48A2-86FA-D2522D1091A7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{5342BAED-CCD8-41A2-B4D9-CC65084DE4E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D1C66E5-E760-4D4F-B2EE-67357E2AFCB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5FFAD868-48AF-4236-9CD0-022DF97293CF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |


< End of report >

dangerfield
Novice
Posts : 7
Joined : 2010-03-28
OS : Vista 32

Re: DNS Redirect Trojan?

Post by dangerfield on Mon Mar 29, 2010 1:31 am

Just for kicks, here is a log from Malwarebytes

Malwarebytes' Anti-Malware 1.44
Database version: 3925
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

3/28/2010 7:30:02 PM
mbam-log-2010-03-28 (19-30-02).txt

Scan type: Quick Scan
Objects scanned: 109074
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)


Re: DNS Redirect Trojan?

Post by Belahzur on Mon Mar 29, 2010 6:20 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: DNS Redirect Trojan?

Post by dangerfield on Mon Mar 29, 2010 7:24 pm

I followed the instructions and then it reset my computer and showed a log file. However, I could not paste it or do anything with it because every single program on my computer that I tried to click gave me the error and would not open:

"illegal operation attempted on a registry key that has been marked for deletion"

I restarted my computer and things seem to work but the log is gone.

When I first ran combofix, it told me that AVG (9.0) was running and to turn it off.

I followed the instructions here [You must be registered and logged in to see this link.]

But combofix still gave me the error message.

It ran anyway, but with the aforementioned outcome.


Re: DNS Redirect Trojan?

Post by dangerfield on Mon Mar 29, 2010 7:35 pm

I found the log on my hard-drive

ComboFix 10-03-28.03 - harrisjc 03/29/2010 12:34:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2941.1807 [GMT -6:00]
Running from: c:\users\harrisjc\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1858452836-573578192-3099488731-500
c:\users\harrisjc\AppData\Roaming\Microsoft\~DFK92e4ecb.tmp
c:\users\harrisjc\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\harrisjc\AppData\Roaming\Microsoft\bass.dll
c:\users\harrisjc\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\harrisjc\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\harrisjc\AppData\Roaming\Microsoft\peaadje.dll
c:\users\harrisjc\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\harrisjc\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\system32\msvcsv60.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-29 )))))))))))))))))))))))))))))))
.

2010-03-29 18:44 . 2010-03-29 18:48 -------- d-----w- c:\users\harrisjc\AppData\Local\temp
2010-03-29 18:44 . 2010-03-29 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-29 18:27 . 2010-03-29 18:27 -------- d-----w- c:\users\harrisjc\AppData\Roaming\AVG9
2010-03-29 01:06 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 01:06 . 2010-03-29 01:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 01:06 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 03:13 . 2010-03-28 03:13 -------- d-----w- c:\program files\kSolo
2010-03-23 18:43 . 2010-03-23 18:43 -------- d-----w- c:\program files\ashost
2010-03-19 00:02 . 2010-03-19 00:02 -------- d-----w- c:\users\harrisjc\AppData\Roaming\Screaming Bee
2010-03-18 23:13 . 2010-03-18 23:13 -------- d-----w- c:\programdata\RapidSolution
2010-03-15 22:25 . 2010-03-15 22:25 -------- d-----w- c:\users\harrisjc\AppData\Local\Yummy
2010-03-15 22:24 . 2010-03-29 00:57 -------- d-----w- c:\program files\GameTap Web Player
2010-03-15 22:23 . 2010-03-29 00:57 -------- d-----w- c:\programdata\GameTap Web Player
2010-03-14 18:01 . 2010-03-14 18:22 -------- d-----w- C:\PSP
2010-03-14 18:01 . 1995-09-30 01:37 30048 ----a-w- c:\windows\UNWISE.EXE
2010-03-14 17:57 . 2010-03-14 17:57 19568 ----a-w- c:\windows\system\CTL3D.DLL
2010-03-13 21:49 . 2010-03-13 21:49 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-03-13 09:26 . 2010-03-29 00:55 -------- d-----w- c:\program files\Downfall Demo
2010-03-12 07:38 . 2010-03-12 07:39 -------- d-----w- C:\$AVG
2010-03-12 07:38 . 2010-03-12 07:38 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 07:37 . 2010-03-12 07:37 -------- d-----w- c:\programdata\avg9
2010-03-11 10:00 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 10:00 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 10:00 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-03 05:59 . 2010-03-03 05:59 -------- d-----w- c:\program files\Steinberg
2010-02-28 18:45 . 2010-02-28 18:45 -------- d-----w- c:\users\harrisjc\AppData\Roaming\PACE Anti-Piracy
2010-02-28 18:45 . 2010-02-28 18:45 -------- d-----w- c:\users\harrisjc\AppData\Local\PACE Anti-Piracy
2010-02-28 04:36 . 2010-03-03 05:59 -------- d-----w- c:\users\harrisjc\AppData\Roaming\Line 6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 02:13 . 2010-02-27 02:13 -------- d-----w- c:\program files\Ableton
2010-03-29 02:12 . 2008-06-10 01:01 -------- d-----w- c:\program files\MediaMonkey
2010-03-29 02:09 . 2009-12-17 19:33 -------- d-----w- c:\program files\MP3MyMP3 3.0
2010-03-29 02:05 . 2010-02-27 02:07 -------- d-----w- c:\program files\Sonoma Wire Works
2010-03-29 01:57 . 2008-08-30 12:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-29 01:35 . 2009-06-21 17:39 -------- d-----w- c:\users\harrisjc\AppData\Roaming\Vivox
2010-03-29 00:55 . 2010-02-23 10:37 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-03-29 00:54 . 2007-08-22 19:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-29 00:53 . 2008-11-20 05:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-29 00:50 . 2008-01-13 04:30 -------- d-----w- c:\program files\Canon
2010-03-29 00:44 . 2008-01-12 20:31 99000 ----a-w- c:\users\harrisjc\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-29 00:39 . 2008-03-16 00:32 -------- d-----w- c:\users\harrisjc\AppData\Roaming\Canon
2010-03-29 00:10 . 2007-08-22 20:26 -------- d-----w- c:\program files\Common Files\Java
2010-03-29 00:09 . 2008-09-20 03:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-28 19:33 . 2008-12-11 22:28 -------- d-----w- c:\programdata\Google Updater
2010-03-26 02:47 . 2009-12-23 01:34 -------- d-----w- c:\users\harrisjc\AppData\Roaming\Lala Music Mover
2010-03-18 09:44 . 2009-06-07 16:11 -------- d-----w- c:\users\harrisjc\AppData\Roaming\Skype
2010-03-18 06:05 . 2009-06-07 16:13 -------- d-----w- c:\users\harrisjc\AppData\Roaming\skypePM
2010-03-16 23:37 . 2007-08-22 20:04 -------- d-----w- c:\program files\Picasa2
2010-03-12 07:38 . 2008-08-30 04:49 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 07:38 . 2008-08-30 04:49 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 07:38 . 2008-08-30 04:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 07:37 . 2008-08-30 04:49 -------- d-----w- c:\program files\AVG
2010-03-11 10:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-05 20:38 . 2010-02-27 02:17 -------- d-----w- c:\users\harrisjc\AppData\Roaming\Ableton
2010-03-03 05:58 . 2010-02-26 23:05 -------- d-----w- c:\program files\Line6
2010-02-28 04:45 . 2010-02-26 23:05 -------- d-----w- c:\programdata\Line 6
2010-02-28 02:31 . 2010-02-27 02:07 -------- d-----w- c:\programdata\Sonoma Wire Works
2010-02-27 18:12 . 2010-02-27 18:12 5670 ----a-w- c:\windows\unins000.dat
2010-02-27 18:09 . 2010-02-27 18:12 695642 ----a-w- c:\windows\unins000.exe
2010-02-26 23:37 . 2010-02-23 17:37 16 ----a-w- c:\windows\msocreg32.dat
2010-02-24 23:41 . 2010-02-24 23:41 -------- d-----w- c:\program files\OpenIndexer 3
2010-02-24 23:24 . 2010-02-24 23:24 -------- d-----w- c:\users\harrisjc\AppData\Roaming\AstroGrep
2010-02-24 16:16 . 2009-10-03 07:55 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 17:35 . 2010-02-23 17:35 -------- d-----w- c:\program files\Common Files\DigiDesign
2010-02-23 17:35 . 2010-02-23 17:35 -------- d-----w- c:\program files\IK Multimedia
2010-02-23 17:35 . 2010-02-23 17:35 -------- d-----w- c:\programdata\IK Multimedia
2010-02-23 17:22 . 2010-02-23 17:22 -------- d-----w- c:\program files\db-audioware
2010-02-23 17:20 . 2010-02-23 17:20 -------- d-----w- c:\program files\ASIO4ALL v2
2010-02-23 10:39 . 2010-02-23 10:38 -------- d-----w- c:\programdata\ArcSoft
2010-02-23 10:39 . 2010-02-23 10:37 -------- d-----w- c:\users\harrisjc\AppData\Roaming\ArcSoft
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-07 22:40 . 2010-01-18 00:15 -------- d-----w- c:\program files\Linksys
2010-02-04 07:12 . 2007-08-22 20:03 -------- d-----w- c:\program files\Google
2010-01-25 12:48 . 2010-02-24 02:40 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-24 02:40 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-24 02:40 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-24 02:40 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-24 02:40 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-24 02:40 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-24 02:40 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-24 02:40 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-24 02:40 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-24 02:40 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-18 00:26 . 2010-01-18 00:19 8892928 ----a-w- c:\programdata\atscie.msi
2010-01-08 19:19 . 2007-08-22 19:39 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-01-02 06:38 . 2010-01-21 19:29 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 19:29 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 19:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 19:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-10 4702208]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 102400]
"NDSTray.exe"="NDSTray.exe" [BU]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^harrisjc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\harrisjc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-05-22 23:32 538744 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 17:37 2321600 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-03-12 07:37 2033432 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-08-22 20:03 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-13 17:37 133104 ----atw- c:\users\harrisjc\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-04-07 22:34 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-11 02:55 323584 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 17:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-11 22:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-08 11:59 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 135664]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 L6UX1;Service - Line 6 UX1;c:\windows\system32\Drivers\L6UX1.sys [2009-07-07 532992]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-03-17 30560]
R3 OIservice;OIservice;c:\program files\OpenIndexer 3\Service\OIserver.exe [2009-11-10 3283456]
R3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-14 618112]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2007-08-18 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2007-08-18 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2007-08-18 39936]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [2007-08-18 59520]
R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-12 333192]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-12 360584]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-12 906520]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 285392]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]

.
Contents of the 'Scheduled Tasks' folder

2010-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-22 08:45]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 22:00]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 22:00]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1858452836-573578192-3099488731-1000Core.job
- c:\users\harrisjc\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-13 17:37]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1858452836-573578192-3099488731-1000UA.job
- c:\users\harrisjc\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-13 17:37]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Assign &hot key - c:\program files\Hot Keyboard Pro\IEScript.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\harrisjc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: line6.net
DPF: ActiveGS.cab - [You must be registered and logged in to see this link.]
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\harrisjc\AppData\Roaming\Mozilla\Firefox\Profiles\bzh7c7u3.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplalaDl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\users\harrisjc\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\harrisjc\AppData\Roaming\Mozilla\Firefox\Profiles\bzh7c7u3.default\extensions\GameTapPlayer@gametap.com\plugins\npGameTapWebPlayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-LifeCam - c:\program files\Microsoft LifeCam\LifeExp.exe
MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6253\SiteAdv.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-29 12:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3744)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2010-03-29 12:58:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-29 18:58

Pre-Run: 30,593,146,880 bytes free
Post-Run: 30,369,853,440 bytes free

- - End Of File - - 71D4DE1AC93CB77A630F67BECBDBB611

Re: DNS Redirect Trojan?

Post by Belahzur on Tue Mar 30, 2010 12:46 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: DNS Redirect Trojan?

Post by dangerfield on Tue Mar 30, 2010 1:38 am

Malwarebytes' Anti-Malware 1.44
Database version: 3925
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

3/29/2010 7:37:46 PM
mbam-log-2010-03-29 (19-37-46).txt

Scan type: Quick Scan
Objects scanned: 109362
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: DNS Redirect Trojan?

Post by Belahzur on Tue Mar 30, 2010 10:54 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?
