Where'd my security go??

View previous topic View next topic Go down

Where'd my security go??

Post by KKittelman on 6th December 2010, 9:29 pm

I suspect something has implanted itself into my PC (Mac here I come!). Upon starting my system my Trend Micro Internet Security software is not present, as it once was. When I go to start it it shuts down. Also, I lost my CD/DVD drive. I can't get a disk to play or anything. Beyond that I get a few pop-up warnings upon starting my system. I know one of them is some Apple program that's missing a file. I also get a Toshiba error mesage. I'll write it down and add it to the thread soon. I'd like to get my Trend Micro back up and running asap. Help please!

I'm running a 64 bit system with Vista.

Here is the HIJACKTHIS File:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:15:50 PM, on 12/6/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe
C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Users\owner\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SporTV Toolbar - {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files (x86)\SporTV\tbSpor.dll
R3 - URLSearchHook: Oryte Games 1.19 Toolbar - {3654b12a-a3b9-40e9-988a-582f1fe2d265} - C:\Program Files (x86)\Oryte_Games_1.19\tbOryt.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Oryte Games 1.19 Toolbar - {3654b12a-a3b9-40e9-988a-582f1fe2d265} - C:\Program Files (x86)\Oryte_Games_1.19\tbOryt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mighty Magoo Text - {97E74A14-E5F1-40cc-9B0F-0D11946E5469} - C:\Program Files (x86)\Mighty Magoo\mmagootl.dll
O2 - BHO: SporTV Toolbar - {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files (x86)\SporTV\tbSpor.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1303.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1303.0\msneshellx.dll
O3 - Toolbar: SporTV Toolbar - {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files (x86)\SporTV\tbSpor.dll
O3 - Toolbar: Oryte Games 1.19 Toolbar - {3654b12a-a3b9-40e9-988a-582f1fe2d265} - C:\Program Files (x86)\Oryte_Games_1.19\tbOryt.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RunTasktray] "C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun --valuename=InstallTTM
O4 - HKLM\..\Run: [KnexStarter] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O15 - Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O16 - DPF: PackageCab - [You must be registered and logged in to see this link.]
O16 - DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} (FastBid1 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} (FastBid Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: HPDCS - {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
O18 - Protocol: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Xobni\Skype4Com.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9fcee80d3f400) (gupdate1c9fcee80d3f400) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17803 bytes

KKittelman
Novice
Novice

Posts Posts : 40
Joined Joined : 2009-08-25
OS OS : Windows XP
Points Points : 27117
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Where'd my security go??

Post by Belahzur on 7th December 2010, 12:25 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Where'd my security go??

Post by KKittelman on 7th December 2010, 1:55 am

Malwarebytes' Anti-Malware 1.50
[You must be registered and logged in to see this link.]

Database version: 5258

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12/6/2010 17:54:51
mbam-log-2010-12-06 (17-54-51).txt

Scan type: Quick scan
Objects scanned: 175121
Time elapsed: 6 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

KKittelman
Novice
Novice

Posts Posts : 40
Joined Joined : 2009-08-25
OS OS : Windows XP
Points Points : 27117
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Where'd my security go??

Post by Belahzur on 7th December 2010, 11:58 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Where'd my security go??

Post by KKittelman on 8th December 2010, 2:33 am

OTL logfile created on: 12/7/2010 18:24:23 - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\owner\Desktop\CPU Maintenance
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.62 Gb Total Space | 29.93 Gb Free Space | 10.09% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 64.26 Gb Free Space | 57.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/11/27 09:29:44 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/11/20 15:00:00 | 000,608,584 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
PRC - [2010/11/01 23:20:24 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/01 23:20:22 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/09 17:01:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\CPU Maintenance\OTL.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/27 14:29:14 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/06/20 22:20:54 | 000,041,984 | ---- | M] (Mobile Stream) -- C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
PRC - [2010/05/20 12:11:18 | 000,408,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
PRC - [2010/03/12 12:08:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/22 04:29:58 | 000,116,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2009/09/26 19:43:23 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/05/21 17:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/03/23 14:53:58 | 000,101,376 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe
PRC - [2009/03/23 14:02:50 | 000,159,744 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe
PRC - [2009/03/23 14:01:22 | 000,199,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
PRC - [2008/10/16 19:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 19:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 18:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/10/02 08:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/07/21 16:16:06 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/10 17:35:30 | 000,188,416 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2008/07/10 16:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/01/20 18:50:38 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe
PRC - [2007/12/13 18:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2007/02/10 04:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/10 04:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2006/08/28 01:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe
PRC - [2002/04/11 04:19:36 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/11 04:19:34 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/09/09 17:01:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\CPU Maintenance\OTL.exe
MOD - [2008/01/20 18:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 18:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/14 23:04:40 | 001,038,088 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/09/26 01:27:00 | 000,562,440 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2008/09/26 01:26:52 | 000,899,848 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2008/09/26 01:26:46 | 000,590,792 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2008/09/26 01:24:22 | 000,823,560 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2008/09/02 06:06:00 | 000,048,128 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\TAMSvr.exe -- (Authentec memory manager)
SRV:64bit: - [2008/08/25 08:58:12 | 000,089,600 | ---- | M] (Toshiba) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/08/18 22:24:02 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/07/29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2008/07/17 10:00:14 | 000,139,776 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2008/04/30 19:20:42 | 001,371,136 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/04/30 18:42:20 | 000,826,368 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/07 15:10:16 | 000,547,456 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2007/11/21 15:53:16 | 000,135,168 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2010/11/29 12:18:14 | 003,020,376 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll -- (Akamai)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/03/04 12:00:56 | 000,025,704 | R--- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/01/12 11:01:28 | 003,077,488 | ---- | M] (MediaMall Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/10/14 23:04:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/21 19:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/16 18:31:12 | 000,906,752 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008/10/16 18:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/08/19 20:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/08/04 13:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/07/10 16:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/06/27 17:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/05/22 21:55:32 | 000,150,376 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/10 04:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007/02/10 04:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$PRIMAVERA) SQL Server (PRIMAVERA)
SRV - [2006/08/28 01:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$PRIMAVERA) SQL Server FullText Search (PRIMAVERA)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/06/20 20:01:08 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\easytthr.sys -- (easytether)
DRV:64bit: - [2009/12/04 08:40:30 | 000,265,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2009/12/04 08:39:44 | 000,042,000 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2009/12/04 08:30:22 | 002,007,056 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vsapint.sys -- (vsapint)
DRV:64bit: - [2009/10/14 10:02:20 | 000,027,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/26 01:27:18 | 000,304,656 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2008/09/26 01:27:18 | 000,199,184 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2008/09/26 01:27:18 | 000,096,784 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2008/08/19 20:01:44 | 000,504,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/08/14 18:40:44 | 000,260,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/08/14 08:52:00 | 000,217,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV:64bit: - [2008/07/20 16:44:54 | 000,402,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/06/30 04:52:44 | 000,126,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/06/26 15:24:18 | 000,020,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/06/12 17:51:36 | 007,911,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/05/02 12:59:48 | 000,166,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/28 05:38:12 | 004,730,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/03/27 06:14:02 | 000,143,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mr97310c.sys -- (mr97310c)
DRV:64bit: - [2008/02/21 09:24:20 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/20 18:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 18:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 18:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/11 22:00:14 | 000,033,400 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2007/12/11 13:03:36 | 000,027,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 13:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 09:29:04 | 000,014,872 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV:64bit: - [2007/07/27 18:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 19:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/11/19 21:11:06 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/08 22:34:00 | 000,237,568 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/08 22:33:00 | 000,248,320 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/10/23 15:33:08 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/09/18 13:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009/02/23 12:37:06 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007/10/19 13:05:38 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Program Files (x86)\NXP\FM Radio\OpenLibSysX64.sys -- (OpenLibSys)
DRV - [2005/03/15 16:25:44 | 000,127,574 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MR97310c.sys -- (mr97310c)
DRV - [2004/09/23 01:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\PxHlpa64.sys -- (PxHlpa64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {3654b12a-a3b9-40e9-988a-582f1fe2d265} - C:\Program Files (x86)\Oryte_Games_1.19\tbOryt.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files (x86)\SporTV\tbSpor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {3654b12a-a3b9-40e9-988a-582f1fe2d265} - C:\Program Files (x86)\Oryte_Games_1.19\tbOryt.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files (x86)\SporTV\tbSpor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaultthis.engineName: "TenchisTV Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2411669&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "TenchisTV Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ece24dcf-8548-4655-b392-47a388721482}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord [2009/09/26 19:43:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/08 13:37:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/06 09:30:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/08 14:55:03 | 000,000,000 | ---D | M]

[2010/04/27 22:28:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2010/04/27 22:28:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/06 23:26:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\py7snsrh.default\extensions
[2009/08/13 15:07:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\py7snsrh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/07 02:18:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\py7snsrh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/06 09:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\py7snsrh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/04/10 19:19:13 | 000,000,000 | ---D | M] (TenchisTV Toolbar) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\py7snsrh.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}
[2009/02/25 14:05:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\py7snsrh.default\extensions\ChoiceGuard@Microsoft
[2008/12/23 23:51:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\py7snsrh.default\extensions\createandprint@ag.com
[2010/02/28 14:26:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\py7snsrh.default\extensions\firefox@tvunetworks.com
[2010/03/24 15:13:08 | 000,000,921 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\py7snsrh.default\searchplugins\conduit.xml
[2009/02/25 14:18:00 | 000,001,632 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\py7snsrh.default\searchplugins\live-search.xml
[2010/11/08 14:55:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/23 21:07:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/08 14:55:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/08 14:54:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2004/11/04 15:56:50 | 001,482,752 | ---- | M] (LizardTech) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2010/11/27 21:33:12 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Oryte Games 1.19 Toolbar) - {3654b12a-a3b9-40e9-988a-582f1fe2d265} - C:\Program Files (x86)\Oryte_Games_1.19\tbOryt.dll (Conduit Ltd.)
O2 - BHO: (Mighty Magoo Text) - {97E74A14-E5F1-40cc-9B0F-0D11946E5469} - C:\Program Files (x86)\Mighty Magoo\mmagootl.dll ()
O2 - BHO: (SporTV Toolbar) - {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files (x86)\SporTV\tbSpor.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1303.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1303.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Oryte Games 1.19 Toolbar) - {3654b12a-a3b9-40e9-988a-582f1fe2d265} - C:\Program Files (x86)\Oryte_Games_1.19\tbOryt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SporTV Toolbar) - {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files (x86)\SporTV\tbSpor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Oryte Games 1.19 Toolbar) - {3654B12A-A3B9-40E9-988A-582F1FE2D265} - C:\Program Files (x86)\Oryte_Games_1.19\tbOryt.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SporTV Toolbar) - {A298ED31-D405-40E2-880F-B7511948E582} - C:\Program Files (x86)\SporTV\tbSpor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe ()
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KnexStarter] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RunTasktray] File not found
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [zzzHPSETUP] D:\Setup.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EasyTether] C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]https in Trusted sites)
O16 - DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} [You must be registered and logged in to see this link.] (FastBid1 Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} [You must be registered and logged in to see this link.] (SpinTop DRM Control)
O16 - DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} [You must be registered and logged in to see this link.] (FastBid Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [You must be registered and logged in to see this link.] (SysData Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} [You must be registered and logged in to see this link.] (Groove Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} [You must be registered and logged in to see this link.] (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} [You must be registered and logged in to see this link.] (ArmHelper Control)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [You must be registered and logged in to see this link.] (Virtools WebPlayer Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: PackageCab [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Xobni\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/28 19:40:49 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/09/02 18:58:03 | 000,000,000 | ---D | M] - C:\Autodesk2 -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 21:49:13 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/05/31 14:15:50 | 000,000,118 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{299e9f3b-c062-11dd-bdb5-001e336c3a9e}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{7276353d-80bb-11dd-a0f4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7276353d-80bb-11dd-a0f4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launch.exe -- [2004/10/21 02:38:02 | 000,126,976 | ---- | M] (Macrovision Corporation)
O33 - MountPoints2\{a563a139-f129-11de-b41c-001e336c3a9e}\Shell\AutoRun\command - "" = D:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{a563a139-f129-11de-b41c-001e336c3a9e}\Shell\Setup FlipShare\command - "" = D:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/07 11:00:03 | 000,000,000 | ---D | C] -- C:\Users\owner\Pacific Lending Advisors
[2010/12/06 13:52:21 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\DriverGenius
[2010/12/06 09:30:32 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\SightSpeed Recordings
[2010/12/06 09:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskBarDis
[2010/12/06 09:30:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Video Chat
[2010/11/27 20:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mighty Magoo
[2010/11/27 19:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2010/11/27 19:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oryte_Games_1.19
[2010/11/23 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\WinZip
[2010/11/23 20:38:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/11/23 20:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Security Scan
[2010/11/23 15:54:16 | 000,000,000 | ---D | C] -- C:\Users\owner\LinedIn Group
[2010/11/23 15:01:23 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Corel Auto-Preserve
[2010/11/22 22:37:21 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Driver Smith
[2010/11/22 22:37:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverSmith
[2010/11/21 22:22:46 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Google Sketchup Collection
[2010/11/21 14:17:19 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\My Kindle Content
[2010/11/21 14:17:19 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Amazon
[2010/11/21 14:17:07 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Amazon
[2010/11/08 14:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/08 14:55:02 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/11/08 14:55:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/08 14:55:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/08 14:55:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\owner\AppData\Local\*.tmp files -> C:\Users\owner\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/07 18:29:19 | 007,340,032 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT
[2010/12/07 18:19:07 | 000,882,870 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/07 18:19:07 | 000,734,076 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/07 18:19:07 | 000,149,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/07 18:13:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/07 17:47:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4287032534-2594818880-2464098818-1000UA.job
[2010/12/07 17:23:29 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/07 17:23:29 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/07 10:31:31 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/12/07 10:13:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/07 10:00:13 | 000,031,744 | ---- | M] () -- C:\Users\owner\Documents\LA Fitness CANCELLATION LETTER.doc
[2010/12/07 09:54:08 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5A8E921D-6B96-4344-9BC3-0C05FE9E410B}.job
[2010/12/07 07:23:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/06 18:47:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4287032534-2594818880-2464098818-1000Core.job
[2010/12/06 17:47:22 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/06 14:38:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/12/06 14:38:29 | 4156,555,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/06 14:32:20 | 000,524,288 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/12/06 14:32:20 | 000,065,536 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/12/06 14:31:36 | 002,651,589 | -H-- | M] () -- C:\Users\owner\AppData\Local\IconCache.db
[2010/12/06 13:42:43 | 000,155,136 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/06 13:14:59 | 000,000,880 | ---- | M] () -- C:\Users\owner\Desktop\HijackThis - Shortcut.lnk
[2010/12/06 09:30:10 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\Dell Video Chat.lnk
[2010/12/03 07:26:10 | 000,932,275 | ---- | M] () -- C:\Users\owner\Desktop\December.pdf
[2010/12/02 07:49:27 | 000,005,642 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/01 23:40:05 | 008,705,067 | ---- | M] () -- C:\Users\owner\Desktop\Ex1.skp
[2010/11/30 07:46:22 | 000,015,595 | ---- | M] () -- C:\Users\owner\Desktop\University-of-Washington-Huskies.gif
[2010/11/29 19:54:13 | 000,000,168 | RHS- | M] () -- C:\ProgramData\BB83B5B1DC.sys
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/27 20:05:17 | 000,000,163 | ---- | M] () -- C:\Users\owner\Desktop\More SpinTop Games.url
[2010/11/25 19:41:53 | 005,317,236 | ---- | M] () -- C:\Users\owner\Desktop\Ex1.skb
[2010/11/24 13:17:53 | 000,015,965 | ---- | M] () -- C:\Users\owner\Desktop\bedepts.gif
[2010/11/23 22:31:38 | 000,012,600 | ---- | M] () -- C:\Users\owner\Desktop\masthead.jpg
[2010/11/23 21:31:40 | 000,004,288 | ---- | M] () -- C:\Users\owner\Desktop\pathcopy.zip
[2010/11/23 20:39:03 | 000,001,841 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/11/23 20:32:47 | 000,001,689 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
[2010/11/22 22:37:05 | 000,000,827 | ---- | M] () -- C:\Users\Public\Desktop\DriverSmith.lnk
[2010/11/22 20:24:56 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Corel PaintShop Photo Pro X3.lnk
[2010/11/21 22:39:14 | 008,324,741 | ---- | M] () -- C:\Users\owner\Documents\AutoSave_Untitled.skp
[2010/11/21 14:17:10 | 000,002,119 | ---- | M] () -- C:\Users\owner\Desktop\Kindle For PC.lnk
[2010/11/19 21:36:26 | 000,000,057 | ---- | M] () -- C:\Users\owner\Facebook.URL
[2010/11/10 20:46:45 | 000,159,700 | ---- | M] () -- C:\Users\owner\Desktop\leed projects.pdf
[2010/11/08 14:54:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/11/08 14:54:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/08 14:54:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/08 14:54:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/08 08:32:28 | 000,005,972 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\owner\AppData\Local\*.tmp files -> C:\Users\owner\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/07 10:00:11 | 000,031,744 | ---- | C] () -- C:\Users\owner\Documents\LA Fitness CANCELLATION LETTER.doc
[2010/12/06 17:47:22 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/06 14:13:46 | 4156,555,264 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/06 13:14:59 | 000,000,880 | ---- | C] () -- C:\Users\owner\Desktop\HijackThis - Shortcut.lnk
[2010/12/06 09:30:10 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\Dell Video Chat.lnk
[2010/12/03 07:26:10 | 000,932,275 | ---- | C] () -- C:\Users\owner\Desktop\December.pdf
[2010/11/30 07:46:20 | 000,015,595 | ---- | C] () -- C:\Users\owner\Desktop\University-of-Washington-Huskies.gif
[2010/11/27 20:05:17 | 000,000,163 | ---- | C] () -- C:\Users\owner\Desktop\More SpinTop Games.url
[2010/11/23 22:31:38 | 000,012,600 | ---- | C] () -- C:\Users\owner\Desktop\masthead.jpg
[2010/11/23 21:51:58 | 005,317,236 | ---- | C] () -- C:\Users\owner\Desktop\Ex1.skb
[2010/11/23 21:31:39 | 000,004,288 | ---- | C] () -- C:\Users\owner\Desktop\pathcopy.zip
[2010/11/23 20:39:03 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/11/23 20:32:47 | 000,001,689 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
[2010/11/23 11:36:21 | 008,705,067 | ---- | C] () -- C:\Users\owner\Desktop\Ex1.skp
[2010/11/22 22:37:05 | 000,000,827 | ---- | C] () -- C:\Users\Public\Desktop\DriverSmith.lnk
[2010/11/22 21:17:09 | 000,015,965 | ---- | C] () -- C:\Users\owner\Desktop\bedepts.gif
[2010/11/22 20:24:56 | 000,001,286 | ---- | C] () -- C:\Users\Public\Desktop\Corel PaintShop Photo Pro X3.lnk
[2010/11/21 15:22:45 | 008,324,741 | ---- | C] () -- C:\Users\owner\Documents\AutoSave_Untitled.skp
[2010/11/21 14:17:10 | 000,002,119 | ---- | C] () -- C:\Users\owner\Desktop\Kindle For PC.lnk
[2010/11/19 21:36:26 | 000,000,057 | ---- | C] () -- C:\Users\owner\Facebook.URL
[2010/11/10 20:46:40 | 000,159,700 | ---- | C] () -- C:\Users\owner\Desktop\leed projects.pdf
[2010/10/16 04:50:35 | 000,000,093 | ---- | C] () -- C:\Users\owner\AppData\Local\fusioncache.dat
[2010/05/15 08:45:35 | 000,000,827 | ---- | C] () -- C:\Windows\BTI.INI
[2010/05/15 08:45:31 | 000,038,576 | ---- | C] () -- C:\Windows\SysWow64\NWLOCALE.DLL
[2010/05/15 08:45:31 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\INETWH16.DLL
[2010/05/15 08:45:13 | 000,001,072 | ---- | C] () -- C:\Windows\_delis32.ini
[2010/04/14 21:58:35 | 000,000,036 | ---- | C] () -- C:\Users\owner\AppData\Local\housecall.guid.cache
[2010/04/02 19:00:24 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\mr310exv.dll
[2010/04/02 19:00:24 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\mr310exd.dll
[2010/04/02 19:00:24 | 000,015,164 | ---- | C] () -- C:\Windows\mr310twc.ini
[2010/04/01 12:35:21 | 000,438,184 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_vcredistMSI3C8F.txt
[2010/04/01 12:35:20 | 000,012,276 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_vcredistUI3C8F.txt
[2010/04/01 11:06:55 | 000,012,307 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/16 22:37:48 | 000,024,226 | ---- | C] () -- C:\Users\owner\AppData\Roaming\UserTile.png
[2010/01/26 11:59:12 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100126.log
[2010/01/18 00:41:04 | 000,004,096 | -H-- | C] () -- C:\Users\owner\AppData\Local\keyfile3.drm
[2010/01/05 17:07:59 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/05 17:07:59 | 000,000,168 | RHS- | C] () -- C:\ProgramData\BB83B5B1DC.sys
[2009/10/14 13:55:23 | 000,000,510 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/28 15:57:11 | 000,011,742 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_vcredistUI6A53.txt
[2009/08/28 15:57:07 | 000,011,742 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_vcredistUI6A46.txt
[2009/08/07 18:14:05 | 000,337,714 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_SharedManagementObjects_MSI6A4F.txt
[2009/08/07 18:14:00 | 000,172,456 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_SQLSysClrTypes_msi6A3F.txt
[2009/08/07 18:09:44 | 010,826,474 | ---- | C] () -- C:\Users\owner\AppData\Local\VSMsiLog66FB.txt
[2009/08/07 18:09:38 | 000,200,286 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI66E8.txt
[2009/08/07 18:09:34 | 000,213,754 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_WinSDK_ExpTools_x64_MSI66DA.txt
[2009/08/07 18:08:36 | 005,359,116 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_WinSDK_Build_x64_MSI661D.txt
[2009/08/07 18:08:20 | 001,228,286 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_ExpRemoteDbg_x64_MSI65E9.txt
[2009/08/07 18:08:08 | 000,408,724 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_VC_Red_MSI65C2.txt
[2009/08/07 18:01:36 | 000,116,768 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_depcheck_VC_EXP_90.txt
[2009/08/07 18:01:28 | 000,352,326 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_install_vc_xcor_90.txt
[2009/08/07 18:01:28 | 000,005,296 | ---- | C] () -- C:\Users\owner\AppData\Local\uxeventlog.txt
[2009/08/07 18:01:28 | 000,000,002 | ---- | C] () -- C:\Users\owner\AppData\Local\dd_error_vc_xcor_90.txt
[2009/06/28 15:33:06 | 000,900,260 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/04/11 10:34:20 | 000,000,732 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps64.dat
[2009/02/10 13:33:16 | 000,181,248 | ---- | C] () -- C:\Windows\SysWow64\HPEPCEnm.dll
[2009/02/10 13:33:02 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll
[2009/01/25 19:55:27 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/12/02 22:55:13 | 000,155,136 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/01 11:28:52 | 000,005,972 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2008/11/13 10:07:38 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2008/09/09 12:11:01 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/09 11:14:11 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/09/09 11:14:11 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/09/09 11:14:11 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/09/09 11:14:11 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/09/09 11:14:11 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/09/09 11:14:11 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/02/18 22:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/12/21 15:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2006/07/31 16:45:20 | 000,086,528 | R--- | C] () -- C:\Windows\SysWow64\libjnbzip2.dll
[2005/07/22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll
[1996/09/24 18:40:44 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\W32MKRC.DLL
[1995/04/10 17:30:50 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\WDBUUI32.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:63596073
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:BDBBA690
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:58E07FC2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:F8071C14
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:404390E0
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:FA7CDE12
< End of report >

KKittelman
Novice
Novice

Posts Posts : 40
Joined Joined : 2009-08-25
OS OS : Windows XP
Points Points : 27117
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Where'd my security go??

Post by KKittelman on 8th December 2010, 2:35 am

I did not find an 'extras.txt' file on my computer.

KKittelman
Novice
Novice

Posts Posts : 40
Joined Joined : 2009-08-25
OS OS : Windows XP
Points Points : 27117
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Where'd my security go??

Post by KKittelman on 11th December 2010, 6:51 pm

Again?

KKittelman
Novice
Novice

Posts Posts : 40
Joined Joined : 2009-08-25
OS OS : Windows XP
Points Points : 27117
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Where'd my security go??

Post by Belahzur on 11th December 2010, 7:18 pm

Ignore my last post. My mistake, do this instead.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Where'd my security go??

Post by KKittelman on 15th December 2010, 4:00 pm

It scaned and removed 2 treats but didn't produced a log.txt file. I searched and could not find one on my C drive.

KKittelman
Novice
Novice

Posts Posts : 40
Joined Joined : 2009-08-25
OS OS : Windows XP
Points Points : 27117
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Where'd my security go??

Post by Belahzur on 15th December 2010, 11:19 pm

Okay how is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Where'd my security go??

Post by KKittelman on 15th December 2010, 11:46 pm

My Trend Micro Security still won't remain running. I open it up and it closes immediately.

KKittelman
Novice
Novice

Posts Posts : 40
Joined Joined : 2009-08-25
OS OS : Windows XP
Points Points : 27117
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Where'd my security go??

Post by Belahzur on 16th December 2010, 12:11 am

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Where'd my security go??

Post by KKittelman on 1st January 2011, 8:14 pm

ComboFix 11-01-01.01 - owner 01/01/2011 9:45.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3963.1493 [GMT -8:00]
Running from: c:\users\owner\Desktop\commy.exe
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\users\owner\g2mdlhlpx.exe
c:\windows\system\W32MKSET.DLL
c:\windows\system\W32MKSET.EXE
c:\windows\system\WDBUUI32.DLL
c:\windows\system32\service

.
((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
.

2011-01-01 18:03 . 2011-01-01 18:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-01 18:03 . 2011-01-01 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-31 10:01 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{859AD910-AA66-4688-8D25-39A6AF0F56CB}\mpengine.dll
2010-12-21 18:13 . 2010-12-21 18:17 -------- d-----w- c:\users\owner\AppData\Roaming\vlc
2010-12-10 00:13 . 2010-12-10 00:13 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-07 19:00 . 2010-12-30 06:00 -------- d-----w- c:\users\owner\Pacific Lending Advisors
2010-12-06 17:30 . 2010-12-06 17:30 -------- d-----w- c:\program files (x86)\Dell Video Chat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 15:49 . 2010-01-06 01:07 5642 --sha-w- c:\programdata\KGyGaAvL.sys
2010-11-30 03:54 . 2010-01-06 01:07 168 --sh--r- c:\programdata\BB83B5B1DC.sys
2010-11-30 01:42 . 2010-04-15 06:06 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-08 22:54 . 2010-11-08 22:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-24 02:55 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a298ed31-d405-40e2-880f-b7511948e582}]
2009-12-31 19:53 2349080 ----a-w- c:\program files (x86)\SporTV\tbSpor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a298ed31-d405-40e2-880f-b7511948e582}"= "c:\program files (x86)\SporTV\tbSpor.dll" [2009-12-31 2349080]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-24 3908192]

[HKEY_CLASSES_ROOT\clsid\{a298ed31-d405-40e2-880f-b7511948e582}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Google Update"="c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-27 133104]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2010-06-21 41984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunTasktray"="c:\program files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun --valuename=InstallTTM" [X]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"mxomssmenu"="c:\program files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-22 169312]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2009-09-27 198160]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"KnexStarter"="c:\program files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2009-03-23 159744]
"Share-to-Web Namespace Daemon"="c:\program files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"HP Software Update"="c:\program files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2010-11-20 608584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

R0 AFS;AFS; [x]
R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
R2 gupdate1c9fcee80d3f400;Google Update Service (gupdate1c9fcee80d3f400);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-04 133104]
R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
R3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310c.sys [2008-03-27 143872]
R3 SVRPEDRV;SVRPEDRV;c:\windows\SysWOW64\sysprep\UP_date\PEDrv.sys [x]
R4 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2008-09-02 48128]
R4 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-06-28 36864]
R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-07-11 40960]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-15 1038088]
R4 KR10I64;KR10I64;c:\windows\system32\drivers\kr10i64.sys [2006-11-09 248320]
R4 KR10N64;KR10N64;c:\windows\system32\drivers\kr10n64.sys [2006-11-09 237568]
R4 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2010-01-12 3077488]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 89600]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
R4 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2008-09-26 590792]
R4 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-09-26 899848]
R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-07-17 139776]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2008-01-12 33400]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-09-04 14872]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2008-08-20 504912]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2008-09-26 199184]
S2 msftesql$PRIMAVERA;SQL Server FullText Search (PRIMAVERA);c:\program files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe [2006-08-28 92952]
S2 MSSQL$PRIMAVERA;SQL Server (PRIMAVERA);c:\program files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 OpenLibSys;OpenLibSys;c:\program files (x86)\NXP\FM Radio\OpenLibSysX64.sys [2007-10-19 14544]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 42000]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2008-09-26 304656]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-06-21 14336]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 8704]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-30 126976]
S3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\DRIVERS\NETw5v64.sys [2008-04-28 4730368]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-11 07:18]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-04 21:29]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-04 21:29]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4287032534-2594818880-2464098818-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-27 16:00]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4287032534-2594818880-2464098818-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-27 16:00]

2011-01-01 c:\windows\Tasks\User_Feed_Synchronization-{5A8E921D-6B96-4344-9BC3-0C05FE9E410B}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-13 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-13 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-13 181784]
"RtHDVCpl"="RAVCpl64.exe" [2008-08-21 6456864]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-09-03 885248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-15 1573160]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-26 955424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: hp.com
DPF: PackageCab - [You must be registered and logged in to see this link.]
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\py7snsrh.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - TenchisTV Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\program files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: [You must be registered and logged in to see this link.] - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: TenchisTV Toolbar: {ece24dcf-8548-4655-b392-47a388721482} - %profile%\extensions\{ece24dcf-8548-4655-b392-47a388721482}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
Wow6432Node-HKLM-Run-zzzHPSETUP - D:\Setup.exe
Wow6432Node-HKLM-Run-Corel File Shell Monitor - c:\program files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
WebBrowser-{A298ED31-D405-40E2-880F-B7511948E582} - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
WebBrowser-{3654B12A-A3B9-40E9-988A-582F1FE2D265} - (no file)
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\adobe\SHOCKW~1\UNWISE.EXE
AddRemove-HijackThis - E:\HijackThis.exe
AddRemove-SureTrak 3.0 - e:\program\SureTrak\Uninst.isu
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\owner\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql$PRIMAVERA]
"ImagePath"=""c:\program files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:PRIMAVERA"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-01-01 12:02:38
ComboFix-quarantined-files.txt 2011-01-01 20:02

Pre-Run: 35,100,311,552 bytes free
Post-Run: 37,329,862,656 bytes free

- - End Of File - - A5FBF404D7EED7036A1867BBD989AC20

KKittelman
Novice
Novice

Posts Posts : 40
Joined Joined : 2009-08-25
OS OS : Windows XP
Points Points : 27117
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Where'd my security go??

Post by Belahzur on 2nd January 2011, 12:59 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Where'd my security go??

Post by KKittelman on 2nd January 2011, 1:37 am

I already conducted this scan a few steps back. Do you want me to conduct it again?

KKittelman
Novice
Novice

Posts Posts : 40
Joined Joined : 2009-08-25
OS OS : Windows XP
Points Points : 27117
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Where'd my security go??

Post by Belahzur on 3rd January 2011, 1:49 am

No.

Download [You must be registered and logged in to see this link.] by screen317 and save it to your Desktop.

  • Unzip SecurityCheck.zip and a folder named Security Check should appear.
  • Open the Security Check folder and double-click Security Check.bat
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Where'd my security go??

Post by KKittelman on 3rd January 2011, 2:58 am

Results of screen317's Security Check version 0.99.7
Windows Vista (UAC is enabled)
[You must be registered and logged in to see this link.]
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 22
Java(TM) 6 Update 6
Out of date Java installed!
Adobe Flash Player 10.0.42.34
Adobe Reader 9.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Trend Micro BM TMBMSRV.exe
Trend Micro Internet Security TMAS_OE TMAS_OEMon.exe
``````````End of Log````````````

KKittelman
Novice
Novice

Posts Posts : 40
Joined Joined : 2009-08-25
OS OS : Windows XP
Points Points : 27117
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Where'd my security go??

Post by Belahzur on 4th January 2011, 1:22 am

Hello.


  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum