1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

something unknowing is lurking

Discussion in 'Virus & Other Malware Removal' started by guy2, Jun 18, 2009.

Thread Status:
Not open for further replies.
Advertisement
  1. guy2

    guy2 Thread Starter

    Joined:
    Apr 30, 2009
    Messages:
    552
    HELLO iv been having much difficulties just surfing the internet due to Mazilla firefox always crashing and many adobe flash player 10 active script errors.

    My mazilla has always been like this no matter how many scans or how many times iv replaced it so indeed something silent is lurking freely.
    I scan with malwarebytes own eset and have posted hijack logs in the past on this forum. I was having problems with my hijack logs i was told before ,i guess my logs were only half the size as they should be for some unknown reason but i did uninstall and downloaded a new one from cnet. Sometimes my logs will magically change in size from the previous logs ,i do perform regular scans and have found one or 2 viruses lately and they have been disposed of properly but i have a gut feeling that i still have something because my browsers are very slow, unresponsive and mostly crashing.
    ==================================================================
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:02:01 AM, on 6/17/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18248)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
    O3 - Toolbar: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - (no file)
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote Table Of Contents.onetoc2
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.netzero.com
    O15 - Trusted Zone: *.netzero.net
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 5222 bytes

    IN this log i got this error: access to the host file has been denied (and this goes on some) for vista users run as administrator.
    =================================================================
    =================================================================
    Other log run as administrator

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:17:19 PM, on 6/17/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18248)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
    O3 - Toolbar: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - (no file)
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote Table Of Contents.onetoc2
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.netzero.com
    O15 - Trusted Zone: *.netzero.net
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 5249 bytes
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    32,959
    Hiya

    Are you still having this problem? If so, do the following:

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


    Please include the MBAM log, SAS log and a fresh HijackThis log in your next reply

    Regards

    eddie
     
  3. guy2

    guy2 Thread Starter

    Joined:
    Apr 30, 2009
    Messages:
    552
    thanks for your reply ,i was getting worried. I already have malwarebytes ,it's been updated ,im kind of doing this as i go so i will download the
    superantispyware now

    =====================================

    Malwarebytes' Anti-Malware 1.38
    Database version: 2332
    Windows 6.0.6001 Service Pack 1

    6/24/2009 6:26:20 PM
    mbam-log-2009-06-24 (18-26-20).txt

    Scan type: Quick Scan
    Objects scanned: 74746
    Time elapsed: 5 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ===================================
     
  4. guy2

    guy2 Thread Starter

    Joined:
    Apr 30, 2009
    Messages:
    552
    i did a full scan with superantispyware and it found 3 tracker.adware cookies.

    Im not sure what you mean by sys Log?

    New hijack log

    I keep getting this every time i use hijack
    ==========================================================
    For some reason your system denied write access to the host file.If
    any hijacked domains are in this file, hijack may not be able to fix this.

    If that happens, you need to edit the file yourself. To do this, click start,run and type:

    notepad C:\\Windows\System32\drivers\ect\host

    and press enter.Find the lines hijack reports and delete them.
    Save the file as host with quotes and reboot.

    For vista: simply exit hijack ,right click on hijack icon and run as administrator.

    (it did the scan anyways) regular
    ==========================================================
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:17:19 PM, on 6/17/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18248)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
    O3 - Toolbar: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - (no file)
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote Table Of Contents.onetoc2
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.netzero.com
    O15 - Trusted Zone: *.netzero.net
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 5249 bytes
    ========================================================
    SCANNED RUN AS ADMINISTRATOR

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:27:02 PM, on 6/24/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
    O3 - Toolbar: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote Table Of Contents.onetoc2
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.netzero.com
    O15 - Trusted Zone: *.netzero.net
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 6109 bytes
     
  5. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    32,959
    I'll have a good look at this when I get home, as I'm at work now :)

    I tend to try and reply to threads that are a week old, to clear the backlog, as you can probably guess it can get very busy in here ;)

    The other log was the SAS log (SuperAntiSpware program). However, as your Host file is locked, try this:

    Download the HostsXpert 3.7 - Hosts File Manager.
    • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
    • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
    • Click "Make Hosts Writable?" in the upper right corner (If available).
    • Click Restore Microsoft's Hosts file and then click OK.
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    That should clear up any entries, but you shouldn't need to re-run HijackThis again, as I know which lines it looks at for the Hosts ;)

    eddie
     
  6. guy2

    guy2 Thread Starter

    Joined:
    Apr 30, 2009
    Messages:
    552
    well im not worried about the wait ,I downloaded HostXpert but it's version 4.3 ,i guess that's better but anyways i keep getting this error message

    ERROR:cannot create file C:\\Window\system32\DRIVERS\ETC\host

    I press OK and the program closes ,should i run this as administrator?
     
  7. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    32,959
    Nope, lets run this program instead :)

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
     
  8. guy2

    guy2 Thread Starter

    Joined:
    Apr 30, 2009
    Messages:
    552
    you weren't joking when you said i might need to post 2 ,i didn't know i couldn't put over 3000 characters. The first scan with OTL had 2 Logs and my 2nd gave me a (program not responding) the 3rd this one only gave me one log ,i didn't change anything in the prgram.

    here is part of it

    ========================================================

    OTL logfile created on: 6/25/2009 4:14:23 PM - Run 2
    OTL by OldTimer - Version 3.0.5.3 Folder = C:\Users\sd\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18783)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 98.29% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 147.58 Gb Total Space | 61.94 Gb Free Space | 41.97% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: G-COMPUTER
    Current User Name: sd
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
    PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
    PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
    PRC - C:\TOSHIBA\IVP\ISM\pinger.exe ()
    PRC - C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
    PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
    PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
    PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
    PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
    PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
    PRC - C:\Users\sd\Desktop\OTL.exe (OldTimer Tools)

    ========== Win32 Services (SafeList) ==========

    SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
    SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (ConfigFree Service [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
    SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
    SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
    SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
    SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
    SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (FontCache3.0.0.0 [Auto | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
    SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
    SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (pinger [Auto | Running]) -- C:\TOSHIBA\IVP\ISM\pinger.exe ()
    SRV - (SbieSvc [Auto | Running]) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
    SRV - (Swupdtmr [Auto | Running]) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
    SRV - (TNaviSrv [Auto | Running]) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
    SRV - (TODDSrv [Auto | Running]) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
    SRV - (TosCoSrv [Auto | Running]) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    SRV - (TOSHIBA SMART Log Service [Auto | Running]) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
    SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (adfs [Auto | Running]) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
    DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (Afc [On_Demand | Running]) -- C:\Windows\System32\drivers\Afc.sys (Arcsoft, Inc.)
    DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
    DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (athr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\athr.sys (Atheros Communications, Inc.)
    DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV - (AtiPcie [Boot | Running]) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
    DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
    DRV - (eamon [Auto | Running]) -- C:\Windows\System32\DRIVERS\eamon.sys (ESET)
    DRV - (easdrv [System | Running]) -- C:\Windows\System32\DRIVERS\easdrv.sys (ESET)
    DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (epfwtdir [System | Running]) -- C:\Windows\System32\DRIVERS\epfwtdir.sys ()
    DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
    DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (KR10I [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
    DRV - (KR10N [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
    DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
    DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
    DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation )
    DRV - (RTSTOR [On_Demand | Running]) -- C:\Windows\System32\drivers\RTSTOR.SYS (Realtek Semiconductor Corp.)
    DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SbieDrv [On_Demand | Running]) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
    DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (SVRPEDRV [On_Demand | Stopped]) -- C:\Windows\System32\sysprep\PEDrv.sys (Inventec Corporation)
    DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
    DRV - (tdcmdpst [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
    DRV - (tos_sps32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
    DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
    DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 20:30:49 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/23 21:23:45 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/23 21:23:45 | 00,000,000 | ---D | M]

    [2009/06/12 18:49:27 | 00,000,000 | ---D | M] -- C:\Users\sd\AppData\Roaming\mozilla\Extensions
    [2009/06/12 18:49:27 | 00,000,000 | ---D | M] -- C:\Users\sd\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/06/24 20:02:00 | 00,000,000 | ---D | M] -- C:\Users\sd\AppData\Roaming\mozilla\Firefox\Profiles\g9z2dgjn.default\extensions
    [2009/06/23 21:02:33 | 00,000,000 | ---D | M] -- C:\Users\sd\AppData\Roaming\mozilla\Firefox\Profiles\g9z2dgjn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/06/12 18:49:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/06/12 18:49:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/06/02 20:00:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/06/02 20:00:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2009/06/02 20:01:00 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2009/06/23 21:23:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
    [2009/06/23 21:23:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
    [2009/06/23 21:23:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
    [2009/06/23 21:23:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
    [2009/06/23 21:23:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
    [2009/06/23 21:23:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
    [2009/06/23 21:23:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
    [2009/06/02 16:18:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2009/06/02 16:18:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2009/06/02 16:18:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2009/06/02 16:18:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2009/06/02 16:18:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2009/06/02 16:18:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2009/06/02 16:18:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (791 bytes) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {88A3116B-3695-4635-AA86-D32EBC8C69AA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
    O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe (ProxyWay.com)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\sd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.one File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found

    ========== Files/Folders - Created Within 30 Days ==========
     
  9. guy2

    guy2 Thread Starter

    Joined:
    Apr 30, 2009
    Messages:
    552
    Part 2

    =========================================================
    [2009/06/25 15:25:03 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\sd\Desktop\OTL.exe
    [2009/06/25 01:25:55 | 00,000,000 | ---D | C] -- C:\Users\sd\Documents\HostsXpert
    [2009/06/24 18:42:54 | 00,000,873 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/06/24 18:42:51 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/06/24 18:40:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/06/24 02:33:25 | 00,000,912 | ---- | C] () -- C:\Users\sd\Desktop\AusLogics Disk Defrag.lnk
    [2009/06/23 21:24:55 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
    [2009/06/23 21:24:51 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/06/23 21:24:51 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2009/06/23 21:24:06 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2009/06/23 21:22:55 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2009/06/23 21:21:57 | 00,000,000 | -HSD | C] -- C:\Config.Msi
    [2009/06/23 21:19:45 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2009/06/23 21:17:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2009/06/23 20:32:05 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
    [2009/06/23 20:31:31 | 00,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2009/06/23 20:17:49 | 00,000,878 | ---- | C] () -- C:\Users\sd\Desktop\EVEREST Home Edition.lnk
    [2009/06/23 20:17:30 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
    [2009/06/23 20:06:59 | 00,000,000 | ---D | C] -- C:\Users\sd\Documents\mm0310-1
    [2009/06/23 19:58:41 | 00,000,000 | ---D | C] -- C:\Users\sd\Documents\mm0310
    [2009/06/23 19:25:04 | 00,000,000 | ---D | C] -- C:\Users\sd\Desktop\windows sounds
    [2009/06/23 02:55:37 | 00,000,000 | ---D | C] -- C:\Users\sd\AppData\Roaming\Acoustica
    [2009/06/23 02:55:32 | 00,057,344 | ---- | C] (NexiTech, Inc.) -- C:\Windows\System32\Wnaspint.dll
    [2009/06/23 02:48:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Acoustica
    [2009/06/23 01:17:02 | 00,000,000 | ---D | C] -- C:\Users\sd\Desktop\New Folder
    [2009/06/22 20:15:37 | 00,000,970 | ---- | C] () -- C:\Users\sd\Desktop\Type.lnk
    [2009/06/22 20:15:30 | 00,000,772 | ---- | C] () -- C:\Users\sd\Desktop\ZMatrix.lnk
    [2009/06/22 20:15:22 | 00,001,027 | ---- | C] () -- C:\Users\sd\Desktop\Sandboxie Start Menu.lnk
    [2009/06/22 20:15:05 | 00,001,641 | ---- | C] () -- C:\Users\sd\Desktop\Recuva.lnk
    [2009/06/22 20:15:00 | 00,000,915 | ---- | C] () -- C:\Users\sd\Desktop\TreeSize Free.lnk
    [2009/06/22 06:31:46 | 00,000,000 | ---D | C] -- C:\Program Files\Recuva
    [2009/06/22 01:04:49 | 00,006,200 | ---- | C] () -- C:\Windows\System32\INT13EXT.VXD
    [2009/06/21 19:12:11 | 00,000,205 | ---- | C] () -- C:\Users\sd\Documents\A real buzzlink.rtf
    [2009/06/21 02:56:12 | 00,005,250 | ---- | C] () -- C:\Users\sd\Documents\A big ****ing brain ****er.rtf
    [2009/06/20 16:53:13 | 00,002,787 | ---- | C] () -- C:\Users\sd\Documents\BUZZ-Manuals.rtf
    [2009/06/19 05:16:09 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2009/06/19 05:16:09 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2009/06/19 05:16:07 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
    [2009/06/19 05:16:07 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2009/06/19 05:16:07 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2009/06/19 05:16:07 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2009/06/19 05:16:06 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
    [2009/06/19 05:16:05 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
    [2009/06/19 05:16:05 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2009/06/19 05:16:05 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2009/06/19 05:16:04 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2009/06/19 05:16:01 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
    [2009/06/19 05:16:01 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
    [2009/06/19 05:14:15 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
    [2009/06/19 05:14:15 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
    [2009/06/19 05:14:15 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
    [2009/06/19 05:14:15 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
    [2009/06/19 05:14:14 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
    [2009/06/19 05:14:14 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
    [2009/06/19 05:14:13 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2009/06/19 05:14:13 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2009/06/19 05:14:13 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
    [2009/06/19 05:14:13 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
    [2009/06/19 05:14:13 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
    [2009/06/19 05:14:12 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2009/06/19 05:14:12 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
    [2009/06/19 05:14:12 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2009/06/19 05:14:12 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2009/06/19 05:14:11 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
    [2009/06/19 05:14:11 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
    [2009/06/19 05:14:11 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2009/06/19 05:14:11 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
    [2009/06/19 05:14:10 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
    [2009/06/19 05:14:10 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
    [2009/06/19 05:14:10 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
    [2009/06/19 05:14:10 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2009/06/19 05:14:09 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2009/06/19 05:14:09 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2009/06/19 05:14:09 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
    [2009/06/19 05:14:09 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
    [2009/06/19 05:14:07 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
    [2009/06/19 05:14:07 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2009/06/19 05:14:07 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    [2009/06/19 05:14:07 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2009/06/19 05:14:07 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2009/06/19 05:14:04 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2009/06/19 05:14:04 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
    [2009/06/19 05:14:04 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
    [2009/06/19 05:14:03 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
    [2009/06/19 05:14:03 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2009/06/19 05:14:03 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
    [2009/06/19 05:14:03 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2009/06/19 05:14:03 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2009/06/19 05:14:03 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
    [2009/06/19 05:14:03 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
    [2009/06/17 03:01:24 | 00,001,863 | ---- | C] () -- C:\Users\sd\Desktop\HijackThis.lnk
    [2009/06/17 01:00:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Ableton
    [2009/06/17 00:34:42 | 00,000,000 | ---D | C] -- C:\Users\sd\AppData\Roaming\Ableton
    [2009/06/16 21:57:36 | 00,000,173 | ---- | C] () -- C:\Users\sd\Documents\good laptops.rtf
    [2009/06/16 21:57:18 | 00,000,173 | ---- | C] () -- C:\Users\sd\Documents\Document.rtf
    [2009/06/14 19:55:34 | 00,044,544 | ---- | C] () -- C:\Users\sd\Documents\piano.fla
    [2009/06/14 19:43:42 | 00,481,792 | ---- | C] () -- C:\Users\sd\Documents\helen.fla
    [2009/06/14 04:08:45 | 00,000,258 | ---- | C] () -- C:\Users\sd\Documents\NEXT.rtf
    [2009/06/14 02:53:56 | 00,000,199 | ---- | C] () -- C:\Users\sd\Documents\kings of p.rtf
    [2009/06/13 04:47:52 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
    [2009/06/13 04:47:50 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
    [2009/06/13 04:47:50 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
    [2009/06/13 04:47:49 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
    [2009/06/13 04:47:48 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
    [2009/06/12 23:36:43 | 00,000,314 | ---- | C] () -- C:\Users\sd\Documents\NewGrounds Links88888.rtf
    [2009/06/12 21:19:35 | 00,001,882 | ---- | C] () -- C:\Users\sd\Desktop\ESET NOD32 Antivirus.lnk
    [2009/06/12 20:23:29 | 00,000,000 | ---D | C] -- C:\Users\sd\AppData\Roaming\JAM Software
    [2009/06/12 20:23:04 | 00,000,000 | ---D | C] -- C:\Program Files\JAM Software
    [2009/06/12 18:49:00 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2009/06/11 19:17:54 | 00,000,238 | ---- | C] () -- C:\Users\sd\Documents\how to keep a secret.rtf
    [2009/06/11 02:45:03 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2009/06/11 02:43:32 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
    [2009/06/11 02:43:27 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
    [2009/06/11 01:18:46 | 00,000,228 | ---- | C] () -- C:\Users\sd\Documents\typing freeware link.rtf
    [2009/06/11 01:06:44 | 00,000,000 | ---D | C] -- C:\Program Files\Bruce's Unusual Typing Wizard
    [2009/06/10 23:21:15 | 00,000,210 | ---- | C] () -- C:\Users\sd\Documents\good guitars.rtf
    [2009/06/10 21:28:02 | 00,000,300 | ---- | C] () -- C:\Users\sd\Documents\you tube urls.rtf
    [2009/06/09 16:05:31 | 00,000,000 | ---D | C] -- C:\Users\sd\Desktop\Grandma pics
    [2009/06/09 16:01:42 | 00,000,000 | ---D | C] -- C:\Users\sd\Desktop\jpeg
    [2009/06/07 23:33:55 | 00,000,173 | ---- | C] () -- C:\Users\sd\Documents\cool web tools.rtf
    [2009/06/07 21:48:34 | 00,000,173 | ---- | C] () -- C:\Users\sd\Documents\Powerfull tools.rtf
    [2009/06/06 21:40:27 | 00,000,000 | ---D | C] -- C:\Users\sd\AppData\Roaming\VSRevoGroup
    [2009/06/05 00:07:06 | 00,000,000 | ---D | C] -- C:\Users\sd\Desktop\CS4
    [2009/06/02 18:06:35 | 00,000,194 | ---- | C] () -- C:\Users\sd\Documents\G missed phone calls.rtf
    [2009/05/30 13:48:53 | 00,000,461 | ---- | C] () -- C:\Users\sd\Documents\facebook-myspace.rtf
    [2009/04/17 03:45:59 | 00,000,068 | ---- | C] () -- C:\Windows\ZMatrixSS.ini
    [2009/04/05 10:21:30 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/04/05 10:21:30 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/01/18 06:08:54 | 00,001,590 | ---- | C] () -- C:\Windows\Sandboxie.ini
    [2008/12/11 19:34:24 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2008/12/11 19:33:14 | 00,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini
    [2008/10/05 20:37:05 | 00,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
    [2008/10/02 15:47:49 | 00,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
    [2008/10/02 15:47:47 | 00,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
    [2008/08/17 10:44:23 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2008/08/17 10:44:23 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2008/08/17 10:44:23 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2008/08/17 10:44:23 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2008/05/05 11:41:42 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008/04/22 22:05:08 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/03/13 16:52:18 | 00,033,800 | ---- | C] () -- C:\Windows\System32\drivers\epfwtdir.sys
    [2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
    [2006/11/02 03:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
    [2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== Files - Modified Within 30 Days ==========

    [2009/06/25 16:15:17 | 00,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C7C28DC9-0AFD-4853-B2B6-E43D8869627E}.job
    [2009/06/25 16:06:55 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2009/06/25 16:06:55 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2009/06/25 16:06:55 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2009/06/25 15:25:49 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\sd\Desktop\OTL.exe
    [2009/06/25 15:02:29 | 00,000,432 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
    [2009/06/25 15:02:23 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/06/25 15:02:23 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/06/25 15:02:18 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/06/25 15:02:11 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/06/25 15:02:07 | 29,505,24928 | -HS- | M] () -- C:\hiberfil.sys
    [2009/06/25 07:33:57 | 01,678,640 | -H-- | M] () -- C:\Users\sd\AppData\Local\IconCache.db
    [2009/06/24 23:41:27 | 00,001,590 | ---- | M] () -- C:\Windows\Sandboxie.ini
    [2009/06/24 18:42:54 | 00,000,873 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/06/24 02:33:25 | 00,000,912 | ---- | M] () -- C:\Users\sd\Desktop\AusLogics Disk Defrag.lnk
    [2009/06/23 20:32:05 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
    [2009/06/23 20:17:49 | 00,000,878 | ---- | M] () -- C:\Users\sd\Desktop\EVEREST Home Edition.lnk
    [2009/06/22 20:15:37 | 00,000,970 | ---- | M] () -- C:\Users\sd\Desktop\Type.lnk
    [2009/06/22 20:15:30 | 00,000,772 | ---- | M] () -- C:\Users\sd\Desktop\ZMatrix.lnk
    [2009/06/22 20:15:22 | 00,001,027 | ---- | M] () -- C:\Users\sd\Desktop\Sandboxie Start Menu.lnk
    [2009/06/22 20:15:05 | 00,001,641 | ---- | M] () -- C:\Users\sd\Desktop\Recuva.lnk
    [2009/06/22 20:15:00 | 00,000,915 | ---- | M] () -- C:\Users\sd\Desktop\TreeSize Free.lnk
    [2009/06/21 19:12:11 | 00,000,205 | ---- | M] () -- C:\Users\sd\Documents\A real buzzlink.rtf
    [2009/06/21 18:35:30 | 00,002,787 | ---- | M] () -- C:\Users\sd\Documents\BUZZ-Manuals.rtf
    [2009/06/21 04:19:00 | 00,000,366 | ---- | M] () -- C:\Windows\tasks\RegCure.job
    [2009/06/21 02:56:12 | 00,005,250 | ---- | M] () -- C:\Users\sd\Documents\A big ****ing brain ****er.rtf
    [2009/06/19 18:34:07 | 00,071,368 | ---- | M] () -- C:\Users\sd\AppData\Local\GDIPFONTCACHEV1.DAT
    [2009/06/19 16:38:30 | 00,000,807 | ---- | M] () -- C:\Users\sd\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/06/19 05:22:58 | 00,299,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2009/06/17 03:01:24 | 00,001,863 | ---- | M] () -- C:\Users\sd\Desktop\HijackThis.lnk
    [2009/06/16 21:57:36 | 00,000,173 | ---- | M] () -- C:\Users\sd\Documents\good laptops.rtf
    [2009/06/16 21:57:18 | 00,000,173 | ---- | M] () -- C:\Users\sd\Documents\Document.rtf
    [2009/06/16 03:49:06 | 00,000,199 | ---- | M] () -- C:\Users\sd\Documents\kings of p.rtf
    [2009/06/14 21:51:18 | 00,000,461 | ---- | M] () -- C:\Users\sd\Documents\facebook-myspace.rtf
    [2009/06/14 19:55:34 | 00,044,544 | ---- | M] () -- C:\Users\sd\Documents\piano.fla
    [2009/06/14 19:43:42 | 00,481,792 | ---- | M] () -- C:\Users\sd\Documents\helen.fla
    [2009/06/14 04:08:45 | 00,000,258 | ---- | M] () -- C:\Users\sd\Documents\NEXT.rtf
    [2009/06/12 23:36:43 | 00,000,314 | ---- | M] () -- C:\Users\sd\Documents\NewGrounds Links88888.rtf
    [2009/06/12 21:19:35 | 00,001,882 | ---- | M] () -- C:\Users\sd\Desktop\ESET NOD32 Antivirus.lnk
    [2009/06/11 19:17:55 | 00,000,238 | ---- | M] () -- C:\Users\sd\Documents\how to keep a secret.rtf
    [2009/06/11 01:18:47 | 00,000,228 | ---- | M] () -- C:\Users\sd\Documents\typing freeware link.rtf
    [2009/06/10 23:21:15 | 00,000,210 | ---- | M] () -- C:\Users\sd\Documents\good guitars.rtf
    [2009/06/10 21:28:02 | 00,000,300 | ---- | M] () -- C:\Users\sd\Documents\you tube urls.rtf
    [2009/06/08 14:43:26 | 00,000,173 | ---- | M] () -- C:\Users\sd\Documents\cool web tools.rtf
    [2009/06/07 21:48:34 | 00,000,173 | ---- | M] () -- C:\Users\sd\Documents\Powerfull tools.rtf
    [2009/06/02 18:06:35 | 00,000,194 | ---- | M] () -- C:\Users\sd\Documents\G missed phone calls.rtf
    [2009/06/02 18:02:54 | 00,000,758 | ---- | M] () -- C:\Users\sd\Documents\######################.rtf
    [2009/06/01 20:00:04 | 00,000,776 | ---- | M] () -- C:\Users\sd\Documents\The AK-47 and it's brothers.rtf
    [2009/06/01 09:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
    [2009/05/30 12:00:00 | 00,000,388 | ---- | M] () -- C:\Windows\tasks\Schedule Task Weekly.job
    [2009/05/28 07:34:47 | 00,000,327 | ---- | M] () -- C:\Users\sd\Documents\MEMBER REMEMBER.rtf
    < End of report >
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    32,959
    I'll have a detailed look at this at the weekend, as you can tell its a big list ;)

    Just out of curiosity, is this the third scan:

    If so, if you look in the folder for OTListIt (off the top of my head, I think its just the C drive), you should see the other log.

    If this is all the logs you have, its okay, I'll work on it for you anyway :)

    eddie
     
  11. guy2

    guy2 Thread Starter

    Joined:
    Apr 30, 2009
    Messages:
    552
    well im disappointed to say that i may have deleted the the second OTC log ,i dragged and dropped the exe and all of a sudden i had many different logs/folders in C: and on desktop i didn't recognize.
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    32,959
    That's okay, we should be able to produce it again :)

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • In the options on the left, select All under Extra Registry
    • Click the Run Scan button.

    Copy/paste the Extra log here

    eddie
     
  13. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    32,959
    Also, can you do this:


    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Thanks :)
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - something unknowing lurking
  1. KVP
    Replies:
    38
    Views:
    2,540
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/836209

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice