iexplore.exe BHO or not.

Re: iexplore.exe BHO or not.

Post by askey127 » February 26th, 2011, 3:42 pm

Butcher,
That should take care of that pesky Ask Toolbar.

Winpatrol allows you to temporarily remove or restore a startup program and see if you like the behavior.
Also allows you to remove Browser Helpers if you wish.
Warns you if anything tries to change your system.

I think you should be good to go, if no other problems.
askey127

Re: iexplore.exe BHO or not.

Post by Butcher » February 27th, 2011, 6:46 am

askey127,
I don't see any other problems. Laptop seems to be running good. I have updated Avira, Malwarebytes and Spywareblaster. I still don't know why Hijackthis sees Norton 360. It also sees Napster. I never installed that one either. Anything else to do?

Butcher

Re: iexplore.exe BHO or not.

Post by askey127 » February 27th, 2011, 7:14 am

Butcher,
There are probably a few old registry entries with those names.
We can do a registry search, find out where they are, and remove them.
---------------------------------------------
Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    Norton
    Napster
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127

Re: iexplore.exe BHO or not.

Post by Butcher » February 27th, 2011, 10:12 am

askey127,
Wow, I can't believe how many registry items SystemLook found for Norton and Napster. How did they get on here? I don't swap music files. Here is the log.

Butcher

SystemLook 04.09.10 by jpshortstuff
Log created at 08:54 on 27/02/2011 by Owner
Administrator - Elevation successful

========== regfind ==========

Searching for "Norton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9A9E6A36091A4D644903D22B6845FA8D]
"ProductName"="Norton 360"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Norton 360\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9A9E6A36091A4D644903D22B6845FA8D\InstallProperties]
"DisplayName"="Norton 360"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63A6E9A9-A190-46D4-9430-2DB28654AFD8}]
"DisplayName"="Norton 360"

Searching for "Napster"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID]
@="napster_shell"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\napster_shell.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0A0888B-8977-45b5-B884-57CC3A164650}\InprocServer32]
@="C:\Program Files\Common Files\Napster Shared\SharedCOM\NXACMP3CTD.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2897008-A82D-4267-92A3-04D22450D565}\InprocServer32]
@="C:\Program Files\Common Files\Napster Shared\SharedCOM\NXAudioCodec.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f73258F7-8BC6-4a64-A4E7-919E4D32DC63}\InprocServer32]
@="C:\Program Files\Common Files\Napster Shared\SharedCOM\NXACWMA.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C055ECD834AC28E429FDFF4C4AF8B51E]
"ProductName"="Napster Burn Engine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C055ECD834AC28E429FDFF4C4AF8B51E\SourceList]
"PackageName"="Napster Burn Engine.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C055ECD834AC28E429FDFF4C4AF8B51E\SourceList]
"LastUsedSource"="n;1;C:\Users\Administrator\AppData\Local\Temp\{EF094561-FBF5-4851-BD75-1D208B3B23A0}\{BBBCAE4B-B416-4182-A6F2-438180894A81}\NapsterBurnEngine\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C055ECD834AC28E429FDFF4C4AF8B51E\SourceList\Net]
"1"="C:\Users\Administrator\AppData\Local\Temp\{EF094561-FBF5-4851-BD75-1D208B3B23A0}\{BBBCAE4B-B416-4182-A6F2-438180894A81}\NapsterBurnEngine\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{0F327873-0507-4C98-8B78-B0B679DAE949}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Sidewinder\NSidewinder.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{0FCFCDFE-DC50-407B-A72C-404503741924}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Sidewinder\NSidewinderRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{66212A3C-8B44-452A-A2BC-861106EAB533}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Dragon\NDragon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{F1B67D73-7325-4F86-98EA-ACDDF6C1BBE9}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Dragon\NDragon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{F1D69827-8B89-4193-AF89-05E4525DFA0F}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Sidewinder\NSidewinder.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{F2E9FC38-F713-43AE-B841-2E463F1B1FA2}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Sidewinder\NSidewinder.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{F3DEED37-1C53-440D-A10A-F0A4215562AA}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Dragon\NDragon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{F43A6774-3BE5-42E0-882A-7B0CEEC2D198}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Sidewinder\NSidewinder.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{F6090598-06A2-4AB2-BE99-F34847335C11}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Dragon\NDragonRs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{F6EF1FEF-1ABF-40DB-A4FE-248452E1944C}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Dragon\NDragon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{F713B982-FF43-4749-8B34-17CA3F7EFD70}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Dragon\NDragon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{F83250E4-A9A0-4AC7-8346-224FEBEF3EF1}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Dragon\NDragon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{FABCB7B5-363F-4987-99DC-C8F8801A0C3C}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Sidewinder\NSidewinder.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{FB918691-8BA0-4084-BFD9-9F46E4261D00}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Sidewinder\NSidewinder.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{FEED01DE-C2FF-44A5-8423-CA15CDE8C2F9}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Dragon\NDragon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{FF5CEC54-1907-4C0B-AC81-D3EE823E3905}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Sidewinder\NSidewinder.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5A3B076D-C678-446B-8EE3-5826A640B103}\1.0\0\win32]
@="C:\Program Files\Common Files\Napster Shared\SharedCOM\NXAudioCodec.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5A3B076D-C678-446B-8EE3-5826A640B103}\1.0\HELPDIR]
@="C:\Program Files\Common Files\Napster Shared\SharedCOM\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Common Files\Napster Shared\BurnPlugin\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Common Files\Napster Shared\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Common Files\Napster Shared\SharedCOM\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Common Files\Napster Shared\Sidewinder\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Common Files\Napster Shared\Dragon\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08494EFF84980694AB64C1DE521EEEF2]
"C055ECD834AC28E429FDFF4C4AF8B51E"="C?\Program Files\Common Files\Napster Shared\BurnPlugin\BurnPlugin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D571A6226CB3B94FACCD8A62170C8AF]
"C055ECD834AC28E429FDFF4C4AF8B51E"="C?\Program Files\Common Files\Napster Shared\SharedCOM\NXACWMA.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C8D897E321F61A44892D60398C18953]
"C055ECD834AC28E429FDFF4C4AF8B51E"="C?\Program Files\Common Files\Napster Shared\SharedCOM\NXACMP3CTD.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E1F12550AEC1AE4080BAB8A6988AD6D]
"C055ECD834AC28E429FDFF4C4AF8B51E"="C?\Program Files\Common Files\Napster Shared\Dragon\NDragonRs.loc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1EE8CBFECA799BF45B3A0D16F2E10F98]
"C055ECD834AC28E429FDFF4C4AF8B51E"="C?\Program Files\Common Files\Napster Shared\SharedCOM\NXAudioCodec.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FCCFD3F5DEBD9E4AB984FE7D8034DF6]
"C055ECD834AC28E429FDFF4C4AF8B51E"="C:\Program Files\Common Files\Napster Shared\BurnPlugin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41C1172D81097ED479B20497DBB5EC78]
"C055ECD834AC28E429FDFF4C4AF8B51E"="C?\Program Files\Common Files\Napster Shared\Sidewinder\NSidewinder.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7704D63CCFA5533439C75838509F8992]
"C055ECD834AC28E429FDFF4C4AF8B51E"="C?\Program Files\Common Files\Napster Shared\SharedCOM\RxACWrapper1033.lng"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9F7A911B0FF465046A870271C1ECAF50]
"C055ECD834AC28E429FDFF4C4AF8B51E"="C?\Program Files\Common Files\Napster Shared\Dragon\NDragonRs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB81E57C23672EA48A0AA273A6CCBF22]
"C055ECD834AC28E429FDFF4C4AF8B51E"="C?\Program Files\Common Files\Napster Shared\Dragon\NDragon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BDC9A47967F0B6B4490351289B3C1F48]
"C055ECD834AC28E429FDFF4C4AF8B51E"="C?\Program Files\Common Files\Napster Shared\Sidewinder\NSidewinderRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB50E5C0D79CAE14CA59F4BC0B424B4D]
"C055ECD834AC28E429FDFF4C4AF8B51E"="C?\Program Files\Common Files\Napster Shared\Sidewinder\SidewinderRes.loc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4A107A6FE4142D40B7E562E50DDFB88]
"C055ECD834AC28E429FDFF4C4AF8B51E"="C?\Program Files\Common Files\Napster Shared\Dragon\Dragon.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C055ECD834AC28E429FDFF4C4AF8B51E\InstallProperties]
"InstallLocation"="C:\Program Files\Common Files\Napster Shared\BurnPlugin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C055ECD834AC28E429FDFF4C4AF8B51E\InstallProperties]
"InstallSource"="C:\Users\Administrator\AppData\Local\Temp\{EF094561-FBF5-4851-BD75-1D208B3B23A0}\{BBBCAE4B-B416-4182-A6F2-438180894A81}\NapsterBurnEngine\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C055ECD834AC28E429FDFF4C4AF8B51E\InstallProperties]
"DisplayName"="Napster Burn Engine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}]
"InstallLocation"="C:\Program Files\Common Files\Napster Shared\BurnPlugin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}]
"InstallSource"="C:\Users\Administrator\AppData\Local\Temp\{EF094561-FBF5-4851-BD75-1D208B3B23A0}\{BBBCAE4B-B416-4182-A6F2-438180894A81}\NapsterBurnEngine\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}]
"DisplayName"="Napster Burn Engine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Napster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Napster\Client]
"HelpFaqURL"="/help/Napster/faq/client/Napster_k-base.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Napster\Client]
"HelpTutorialURL"="http://www.napster.com/tutorial"
[HKEY_LOCAL_MACHINE\SOFTWARE\Napster\Common]
"ExternalLinkHandler"="C:\Program Files\Napster\napster.exe"

-= EOF =-

Re: iexplore.exe BHO or not.

Post by askey127 » February 27th, 2011, 11:06 am

Butcher,
Norton was probably on the machine when it was first sold.
Napster may have come with another CD burning program no longer present (Roxio?)
With that many entries, I think it's safer to let Revo have a shot at removing them.
----------------------------------------------
You can download the free version of Revo Uninstaller from here: http://www.revouninstaller.com/revo_uni ... nload.html
I would attempt to use it to Uninstall the offending programs.
You can ignore/close the Update pitch that pops up when you start the program.
Highlight each of the following, in turn, and click the Uninstall icon in the middle of the Menu bar.
Norton 360
Napster Burn Engine

When the Mode dialog comes up, choose Moderate.
You can safely agree to remove Registry entries and files that directly contain the Name of the program.
Revo will succeed many times when regular methods fail.

Let me know how it goes.
askey127

Re: iexplore.exe BHO or not.

Post by Butcher » February 27th, 2011, 11:34 am

askey127,
Revo does not see Norton or Napster. How else can we delete these registry items?


Butcher

Re: iexplore.exe BHO or not.

Post by askey127 » February 28th, 2011, 11:29 am

Butcher,
I am unwilling to take the risk of removing the Napster settings, since Roxio installed an Audio codec, and removing all the settings could break your audio.
An earlier Roxio installation was responsible for the Napster entries and failed to clean up when it was uninstalled. The entries won't do any harm.

You can do this to get rid of the Norton stuff.
------------------------------------------------------------
First, for Safety, Backup Your Registry with ERUNT
  • Download erunt.zip to your Desktop from here: http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to your Desktop. It will create a new folder.
  • Inside the new folder, right click ERUNT.exe and choose "Run as administrator"
  • OK all the prompts to back up your registry to the default location.
Note: If you ever need to restore your registry later, you would go to the default backup folder and start ERDNT.exe
(The default backup folder is C:\Windows\ERDNT\ and the backups are saved according to date stamp)
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9A9E6A36091A4D644903D22B6845FA8D]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Norton 360\"=-
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9A9E6A36091A4D644903D22B6845FA8D\InstallProperties]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63A6E9A9-A190-46D4-9430-2DB28654AFD8}]
    
    :Files
    C:\Program Files\Norton 360
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
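The difference between the Norton and Napster hits discussed in the post above shows up when the SystemLook results are sorted by where in the registry they sit. The following is an added example, not part of the original thread and not SystemLook or OTL code: it parses the regfind format seen in the posted log and counts, per search term, component registrations (keys that name a DLL for loading), installer/uninstall records, and everything else. The category names and rules are this example's assumptions, and the sample is abridged from the posted log.

```python
import re
from typing import NamedTuple, Optional

# Sample input: abridged from the SystemLook log posted in this thread.
SAMPLE_LOG = r'''
========== regfind ==========

Searching for "Norton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9A9E6A36091A4D644903D22B6845FA8D]
"ProductName"="Norton 360"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Norton 360\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63A6E9A9-A190-46D4-9430-2DB28654AFD8}]
"DisplayName"="Norton 360"

Searching for "Napster"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2897008-A82D-4267-92A3-04D22450D565}\InprocServer32]
@="C:\Program Files\Common Files\Napster Shared\SharedCOM\NXAudioCodec.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ROXCLSID\{66212A3C-8B44-452A-A2BC-861106EAB533}]
"InProcServer"="C:\Program Files\Common Files\Napster Shared\Dragon\NDragon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C055ECD834AC28E429FDFF4C4AF8B51E]
"ProductName"="Napster Burn Engine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Napster\Common]
"ExternalLinkHandler"="C:\Program Files\Napster\napster.exe"

-= EOF =-
'''


class Hit(NamedTuple):
    term: str            # the :regfind search string that matched
    key: str             # registry key path
    name: Optional[str]  # value name, "@" for the default value, None if only the key name matched
    data: Optional[str]  # value data, None if only the key name matched


SEARCH_RE = re.compile(r'^Searching for "(.*)"$')
VALUE_RE = re.compile(r'^(?:@|"(?P<name>.*?)")=(?P<data>.*)$')
# Keys under which a component is registered for loading (CLSID, ROXCLSID, TypeLib, AppID).
COMPONENT_KEY_RE = re.compile(r'\\(?:\w*CLSID|TypeLib|AppID)(?:\\|$)', re.IGNORECASE)
# Windows Installer bookkeeping and uninstall records.
INSTALLER_KEY_RE = re.compile(r'\\Installer\\|\\CurrentVersion\\Uninstall\\', re.IGNORECASE)


def parse_regfind(text):
    """Turn regfind output into Hit records, keeping hits where only the key name matched."""
    hits, term, key, pending = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        is_key = line.startswith('[') and line.endswith(']')
        if (m or is_key) and pending is not None:
            # The previous key had no value line, so the key name itself was the match.
            hits.append(Hit(term, pending, None, None))
            pending = None
        if m:
            term, key = m.group(1), None
        elif is_key:
            key = pending = line[1:-1]
        elif term is not None and key is not None:
            v = VALUE_RE.match(line)
            if v:
                name = v.group('name') if v.group('name') is not None else '@'
                hits.append(Hit(term, key, name, v.group('data').strip('"')))
                pending = None
    if pending is not None:
        hits.append(Hit(term, pending, None, None))
    return hits


def classify(hit):
    """Assumed triage rule: component registrations first, then installer records."""
    if COMPONENT_KEY_RE.search(hit.key) or (hit.name or '').lower().startswith('inprocserver'):
        return 'component_registration'
    if INSTALLER_KEY_RE.search(hit.key):
        return 'installer_record'
    return 'other'


def summarize(hits):
    """Count hits per search term and category, as plain nested dicts."""
    summary = {}
    for hit in hits:
        per_term = summary.setdefault(hit.term, {})
        category = classify(hit)
        per_term[category] = per_term.get(category, 0) + 1
    return summary


if __name__ == '__main__':
    parsed = parse_regfind(SAMPLE_LOG)
    for term, counts in summarize(parsed).items():
        print(term, counts)
    for hit in parsed:
        if classify(hit) == 'component_registration':
            print('review before deleting:', hit.key, '->', hit.data)
```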

Re: iexplore.exe BHO or not.

Post by Butcher » February 28th, 2011, 7:32 pm

askey127,
Where do I get OTL from? I did not see a link for it. I can do a search for it if you want me to. Let me know.

Butcher

Re: iexplore.exe BHO or not.

Post by askey127 » February 28th, 2011, 8:59 pm

Butcher,
I'm sorry.
I thought we were using OTL, but it was OTM.

Download OTL from here http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop.
Then go ahead with the Custom Fix.
Thanks for the heads up.
askey127

Re: iexplore.exe BHO or not.

Post by Butcher » February 28th, 2011, 9:25 pm

askey127,
Here is the OTL log.

Butcher


OTL logfile created on: 2/28/2011 8:14:41 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 101.30 Gb Free Space | 68.64% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/28 20:02:47 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/02/13 15:20:14 | 000,325,000 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 21:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/11/06 20:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/02/28 20:02:47 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2007/03/26 13:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/30 02:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/06/19 20:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2008/12/23 02:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/29 04:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/21 18:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/08/31 19:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/07/14 01:01:30 | 002,771,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/09 00:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 00:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/08/30 11:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/02/23 17:51:29 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\094.JPG
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\094.JPG
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (072-1426510162-1000) - File not found
O30 - LSA: Security Packages - (늱&) - File not found
O30 - LSA: Security Packages - (鑏) - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/28 20:06:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/28 20:02:45 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/02/28 18:15:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/28 18:13:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\erunt
[2011/02/27 10:26:23 | 007,809,352 | ---- | C] (VS Revo Group ) -- C:\Users\Owner\Desktop\RevoUninProSetup.exe
[2011/02/27 08:08:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2011/02/27 06:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/27 06:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/27 06:16:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/26 13:19:46 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/02/26 13:16:38 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTM.exe
[2011/02/24 17:52:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinPatrol
[2011/02/24 17:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2011/02/24 17:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/02/24 17:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2011/02/24 17:41:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VS Revo Group
[2011/02/24 17:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/02/24 17:41:01 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/02/24 17:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/02/23 18:03:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Avira
[2011/02/23 18:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/02/23 18:00:19 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/02/23 18:00:19 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/02/23 18:00:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/02/23 18:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/23 18:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/02/20 08:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/02/20 08:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/02/20 08:05:22 | 000,000,000 | R--D | C] -- C:\Users\Owner\Documents

========== Files - Modified Within 30 Days ==========

[2011/02/28 20:11:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 20:11:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/28 20:11:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/28 20:11:38 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/28 20:02:47 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/02/28 18:22:25 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BCF36DFF-31CC-48B4-A048-A8507171BCD8}.job
[2011/02/28 18:13:08 | 000,513,320 | ---- | M] () -- C:\Users\Owner\Desktop\erunt.zip
[2011/02/27 13:15:23 | 000,932,352 | -HS- | M] () -- C:\Users\Owner\Desktop\ehthumbs_vista.db
[2011/02/27 10:27:14 | 000,001,060 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/02/27 10:26:28 | 007,809,352 | ---- | M] (VS Revo Group ) -- C:\Users\Owner\Desktop\RevoUninProSetup.exe
[2011/02/27 09:22:25 | 000,000,497 | ---- | M] () -- C:\Users\Owner\Desktop\Sign In.url
[2011/02/27 08:08:56 | 000,031,007 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2011/02/27 06:16:17 | 000,001,948 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2011/02/26 13:16:39 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTM.exe
[2011/02/25 13:23:55 | 000,075,264 | ---- | M] () -- C:\Users\Owner\Desktop\SystemLook.exe
[2011/02/24 17:57:51 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/02/23 18:00:31 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/02/13 11:48:28 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/13 11:48:28 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/11 16:14:28 | 000,393,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/02/28 18:13:06 | 000,513,320 | ---- | C] () -- C:\Users\Owner\Desktop\erunt.zip
[2011/02/27 08:08:56 | 000,031,007 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2011/02/27 06:16:17 | 000,001,948 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2011/02/25 13:23:54 | 000,075,264 | ---- | C] () -- C:\Users\Owner\Desktop\SystemLook.exe
[2011/02/24 17:41:03 | 000,001,060 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/02/23 18:00:31 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/02/20 08:15:49 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/20 08:15:49 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/12/17 12:14:10 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/08/20 14:28:20 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2009/02/21 17:00:54 | 000,012,800 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/21 12:59:32 | 000,046,456 | R--- | C] () -- C:\Windows\System32\exitwx.exe
[2008/09/21 05:58:25 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/21 05:58:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/07 15:55:50 | 000,028,747 | ---- | C] () -- C:\Windows\System32\KMemoryMMX.dll
[2008/06/07 15:55:50 | 000,024,653 | ---- | C] () -- C:\Windows\System32\KMemoryPIII.dll
[2008/06/07 15:55:50 | 000,024,632 | ---- | C] () -- C:\Windows\System32\KMemory.dll
[2008/06/07 15:55:50 | 000,020,546 | ---- | C] () -- C:\Windows\System32\KMemoryC.dll
[2008/06/07 15:55:12 | 000,000,002 | ---- | C] () -- C:\Windows\PhotoSuite.ini
[2008/06/07 15:55:08 | 000,122,880 | ---- | C] () -- C:\Windows\System32\EnrouteStitch.dll
[2008/06/07 15:55:07 | 000,458,752 | ---- | C] () -- C:\Windows\System32\Fpl.dll
[2008/06/07 15:55:07 | 000,019,968 | ---- | C] () -- C:\Windows\System32\CPUINF32.DLL
[2008/06/07 15:55:06 | 000,332,800 | ---- | C] () -- C:\Windows\System32\FPXLIB.DLL
[2008/06/07 15:55:06 | 000,122,880 | ---- | C] () -- C:\Windows\System32\JPEGLIB.DLL
[2008/05/04 14:42:41 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/05/04 14:42:41 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/20 21:07:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/20 21:07:38 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/20 21:07:38 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/20 21:07:38 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/20 21:07:38 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/20 21:07:38 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/20 20:45:33 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/20 19:51:47 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008/02/20 19:45:08 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/20 19:45:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/20 19:45:08 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/20 19:45:08 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/20 19:40:27 | 000,000,291 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/02/20 19:40:27 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/02/20 19:40:27 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/02/20 19:40:27 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/02/20 19:16:30 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/07/14 00:52:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/07/14 00:29:00 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/02/20 18:39:10 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,393,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/08 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 16:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009/09/30 16:11:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Costco Photo Viewer US
[2011/02/27 08:08:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2010/01/31 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ulead Systems
[2011/02/24 17:52:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinPatrol
[2011/02/28 20:10:42 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/28 18:22:25 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BCF36DFF-31CC-48B4-A048-A8507171BCD8}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
Butcher

Re: iexplore.exe BHO or not.

Post by askey127 » March 1st, 2011, 8:20 am

Butcher,
Good job on your part.
Log looks good.
You should be fine.
askey127

Re: iexplore.exe BHO or not.

Post by Butcher » March 1st, 2011, 7:51 pm

askey127,
Is there anything else you want me to do? If not I want to thank you once again for all your help.

Butcher

Re: iexplore.exe BHO or not.

Post by askey127 » March 3rd, 2011, 10:22 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.