Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

HijackThis Log

Post by rdy423 » April 15th, 2010, 11:04 pm

DESCRIPTION OF PROBLEM:

My Fujitsu A6030 notebook is suddenly very sluggish. It seems that the hard drive runs almost continuously and the machine suddenly takes several minutes to shut down or start up. Any help you can provide would be greatly appreciated. Thanks.


HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:48 PM, on 4/15/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
C:\Windows\RDrvMon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Taskix\Taskix32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Stardock ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
O4 - HKLM\..\Run: [FjRDrvMon] C:\Windows\RDrvMon.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Taskix] "C:\Program Files\Taskix\Taskix32.exe" start
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: ObjectDock.lnk = C:\Program Files\Stardock ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.p ... 2OneCC.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonW ... ontrol.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AT&T Con App Svc (CAATT) - Unknown owner - C:\Program Files\AT&T Communication Manager\ConAppsSvc.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Window Washer\WasherSvc.exe

--
End of file - 11651 bytes


UNINSTALL LIST:

2007 Microsoft Office System
Activation Assistant for 2007 Microsoft Office Suites
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
ALPS Touch Pad Driver
AnswerWorks 4.0 Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
AuthenTec Fingerprint Sensor Minimum Install
Autoplay Repair 2.2.2
AVerMedia HC80 ExpressCard Hybrid ATSC 1.3.0.56
Avery Wizard 3.1
Bluetooth Stack for Windows by Toshiba
Bonjour
Calendar Creator 12
Canon Inkjet Printer Driver Add-On Module
CCleaner
Click'N Design 3D
ContextAdvisor
Coupon Printer for Windows
Defraggler
Diskeeper 2009 Professional
Driver Installer
Final Draft
Fujitsu Display Manager
Fujitsu Driver Update
Fujitsu Hotkey Utility
Fujitsu MobilityCenter Extension Utility
Fujitsu System Extension Utility
Google Earth
Google Update Helper
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Inst5657
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager and Intel® Turbo Memory
Intel® Turbo Memory
iTunes
Java 2 Runtime Environment, SE v1.4.2_15
Java(TM) 6 Update 18
Java(TM) 6 Update 7
LifeBook Application Panel
LiveUpdate 3.2 (Symantec Corporation)
MailWasher Pro
MailWasherPro
MakeDisc
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Web Access S/MIME
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Adapter Cable DKU-5
Norton Internet Security
Norton Save and Restore
O2Micro Flash Memory Card Windows Driver
ObjectDock
OGA Notifier 2.0.0048.0
OmniPass 5.00.62
Picasa 3
PowerDirector Express
PowerDVD
PowerProducer
ProgramChecker
QuickTime
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home
Samsung ML-2150 Series
Samsung ML-2150 Series PCL 6
Samsung ML-2150 Series PS
Security Task Manager 1.7f
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Shipping Assistant 3.5
Shock Sensor Utility
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Symantec Technical Support Web Controls
Tablet
Taskix 2.1
Text Cleanup 2.0
Trend Micro RUBotted
TweakVI
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981433)
User Agent String Utility
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebIQ Technology Engine
Window Washer
Windows 7 Upgrade Advisor
Windows Live Sign-in Assistant
ZTreeWin (remove only)
rdy423
Regular Member
 
Posts: 17
Joined: April 15th, 2010, 10:17 pm

Re: HijackThis Log

Post by MWR 3 day Mod » April 19th, 2010, 12:58 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: HijackThis Log

Post by Cypher » April 20th, 2010, 12:57 pm

Hi and welcome to Malware Removal Forums. Sorry for the delay in answering your request for help.
We have had more logs than we could handle in a timely manner.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Read Back up your files

Please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

  • If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.



Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode, i.e. right-click on it and select Run as Administrator.
  • The Operating System (Vista aka Windows 6) in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this with anything I ask you to carry out, please select the option Allow.


Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following:
    Ad-Aware
    Coupon Printer for Windows
    Java 2 Runtime Environment, SE v1.4.2_15
    Java(TM) 6 Update 7
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition


Next.

Fix HijackThis entries

Run HijackThis

If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done, 2 log files will be produced.
  • The first one, "log.txt", will be maximized.
  • The second one, "info.txt", will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)



Logs/Information to Post in your Next Reply

  • RSIT log.txt file contents and info.txt file contents.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
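
The comparison a helper makes by eye when an updated log comes back, as an added Python example that is not part of the original thread: it parses the section-coded entries of two HijackThis logs, reports what disappeared and what appeared between scans, and checks that the entries selected for "Fix checked" are gone. The sample text is excerpted from the two logs posted in this thread; the function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# An entry line is a section code (R, F, N or O plus a number), " - ", then the body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Map (code, case-folded body) -> Entry for every entry line in a log.

    Header lines and the 'Running processes' list carry no section code and
    are skipped. Bodies are compared case-insensitively because Windows paths
    and registry names are case-insensitive.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, body = m.group(1), m.group(2).strip()
            entries[(code, body.casefold())] = Entry(code, body)
    return entries


def _ordered(entries):
    # Sort by section letter, then numerically, so O6 comes before O23.
    return sorted(entries, key=lambda e: (e.code[0], int(e.code[1:]), e.body))


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the first / only in the second log."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = _ordered(before[k] for k in before.keys() - after.keys())
    added = _ordered(after[k] for k in after.keys() - before.keys())
    return removed, added


def still_present(targets_text, after_text):
    """Entries that were selected for fixing but still show up in the new scan."""
    targets, after = parse_entries(targets_text), parse_entries(after_text)
    return _ordered(targets[k] for k in targets.keys() & after.keys())


# Excerpt of the first log in this thread (April 15th scan).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"""

# Excerpt of the second log in this thread (April 20th scan).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
"""

# The three entries listed under "Fix HijackThis entries" above.
TARGETS = r"""
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.code, "-", e.body)
    for e in added:
        # New or changed entries are the ones that need a second look.
        print("added:  ", e.code, "-", e.body)
    leftover = still_present(TARGETS, AFTER)
    print("fix incomplete" if leftover else "all selected entries are gone")
```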

Re: HijackThis Log

Post by rdy423 » April 20th, 2010, 9:54 pm

Hi Cypher,
Thanks for getting back to me. I did everything you instructed me to do EXCEPT to run RSIT. I downloaded the program and it started okay, but then an error message popped up that read: "Performing Registry Dump" Line-1: Error: Subscript used with non-Array variable." I downloaded RSIT a second time but it still wouldn't run past this error message, and as a result I am unable to include the "log.txt" and "info.txt" files it would have produced. Please let me know what I can do to get past this so that RSIT will run on my computer.

FYI, here is an updated HijackThis Log generated today after I completed the other steps you instructed me to perform:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:23 PM, on 4/20/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
C:\Windows\RDrvMon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Taskix\Taskix32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Stardock ObjectDock\ObjectDock.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
O4 - HKLM\..\Run: [FjRDrvMon] C:\Windows\RDrvMon.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Taskix] "C:\Program Files\Taskix\Taskix32.exe" start
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: ObjectDock.lnk = C:\Program Files\Stardock ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.p ... 2OneCC.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonW ... ontrol.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AT&T Con App Svc (CAATT) - Unknown owner - C:\Program Files\AT&T Communication Manager\ConAppsSvc.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Window Washer\WasherSvc.exe

--
End of file - 11274 bytes
rdy423
Regular Member
 
Posts: 17
Joined: April 15th, 2010, 10:17 pm

Re: HijackThis Log

Post by Cypher » April 21st, 2010, 5:02 am

Hi rdy423.
Thanks for getting back to me

You're welcome.
No problem, we can try another scanner.

Download OTL by Old Timer and save it to your Desktop.

Right-click on OTL.exe and select Run as administrator to run it.
Under Output, ensure that Minimal Output is selected.
Under the Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left-hand corner.
When done, two Notepad files will open.
  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HijackThis Log

Post by rdy423 » April 21st, 2010, 2:56 pm

OTL logfile created on: 4/21/2010 11:48:39 AM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Rick\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.28 Gb Total Space | 43.24 Gb Free Space | 39.56% Space Free | Partition Type: NTFS
Drive D: | 1023.99 Mb Total Space | 985.19 Mb Free Space | 96.21% Space Free | Partition Type: NTFS
Drive E: | 3.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RDY-1
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Rick\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe (Symantec Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Taskix\Taskix32.exe (Robust IT)
PRC - C:\Program Files\MailWasher Pro\MailWasher.exe (Firetrust Ltd)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.)
PRC - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Window Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Softex\OmniPass\scureapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\opvapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
PRC - C:\Windows\RDrvMon.exe ()
PRC - C:\Program Files\Stardock ObjectDock\ObjectDock.exe (Stardock)
PRC - C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Tablet.exe (Wacom Technology, Corp.)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\o2flash.exe (O2Micro International)


========== Modules (SafeList) ==========

MOD - C:\Users\Rick\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LxrSII1s) -- File not found
SRV - (CAATT) -- File not found
SRV - (ATTRcAppSvc) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (RUBotted) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.)
SRV - (Norton Save and Restore) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe (Symantec Corporation)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (wwEngineSvc) -- C:\Program Files\Window Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (omniserv) -- C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (UpdateNaviInstallService) -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe (FUJITSU LIMITED)
SRV - (TabletService) -- C:\Windows\System32\Tablet.exe (Wacom Technology, Corp.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (sassvc) -- C:\Program Files\ProgramChecker\sassvc.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (O2Flash) -- C:\Windows\System32\o2flash.exe (O2Micro International)


========== Driver Services (SafeList) ==========

DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1106000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1106000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1106000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1106000.020\ccHPx86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1106000.020\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100421.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100421.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMDS.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100415.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()
DRV - (symsnap) -- C:\Windows\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (TMPassthruMP) -- C:\Windows\System32\drivers\TMPassthru.sys (Trend Micro Inc.)
DRV - (TMPassthru) -- C:\Windows\System32\drivers\TMPassthru.sys (Trend Micro Inc.)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (wrssweep) -- C:\Program Files\Window Washer\wrSSweep.sys (Webroot Software Inc (www.webroot.com))
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (FJGSDisk) -- C:\Windows\system32\DRIVERS\FJGSDisk.sys (FUJITSU LIMITED)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (VProEventMonitor) -- C:\Windows\System32\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV - (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56) -- C:\Windows\System32\drivers\swumx56.sys (Sierra Wireless Inc.)
DRV - (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56) -- C:\Windows\System32\drivers\swnc8u56.sys (Sierra Wireless Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (v2imount) -- C:\Windows\System32\drivers\v2imount.sys (Symantec Corporation)
DRV - (USBAVCap) -- C:\Windows\System32\drivers\USBAVCap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (WISDPen) -- C:\Windows\System32\drivers\wisdpen.sys (Wacom Technology)
DRV - (FjGenIo) -- C:\Windows\System32\drivers\FjGenIo.sys (Fujitsu Computer Systems Corporation)
DRV - (wtpfiltr) -- C:\Windows\System32\drivers\wtpfiltr.sys (Wacom Technology)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)
DRV - (FUJ02E3) -- C:\Windows\System32\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (FUJ02B1) -- C:\Windows\System32\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (FBIOSDRV) -- C:\Windows\system32\drivers\FBIOSDRV.SYS (FUJITSU LIMITED)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ADVNTDRV) -- C:\Windows\System32\drivers\ADVNTDRV.SYS (FUJITSU LIMITED.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
IE - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.earthlink.net/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/09/21 11:16:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/01/21 13:14:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Firefox\components [2010/04/20 17:08:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Firefox\plugins [2010/04/20 17:36:42 | 000,000,000 | ---D | M]

[2008/06/17 18:27:36 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions
[2010/03/27 21:56:47 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\mculodyo.default\extensions
[2009/07/01 12:21:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\mculodyo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/31 15:07:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\mculodyo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/10/31 15:07:25 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\mculodyo.default\extensions\cybersearch@cybernetnews.com
[2009/10/31 15:07:25 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\mculodyo.default\extensions\staged-xpis

O1 HOSTS File: ([2010/04/20 18:10:59 | 000,380,956 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13124 more lines...
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [FjRDrvMon] C:\Windows\RDrvMon.exe ()
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKU\S-1-5-21-3836192299-951331460-3705126066-1000..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe (Robust IT)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 1
O7 - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-3836192299-951331460-3705126066-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} https://as00.estara.com/UI/proxyhttps.p ... 2OneCC.cab (OneCCCtl Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonW ... ontrol.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} http://www.cyberlink.com/vista/prog/CLVistaGenie.cab (CLVistaGenie Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Fall Foliage.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Fall Foliage.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\Autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{89d3ba88-4613-11dd-b44b-00037ab1e5ce}\Shell - "" = AutoRun
O33 - MountPoints2\{89d3ba88-4613-11dd-b44b-00037ab1e5ce}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{f816b7f8-2133-11de-9566-00037ab1e5ce}\Shell - "" = AutoRun
O33 - MountPoints2\{f816b7f8-2133-11de-9566-00037ab1e5ce}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/04/21 11:43:06 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2010/04/20 19:08:04 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\Malware Removal Forum
[2010/04/20 18:21:22 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/20 18:21:22 | 000,000,000 | ---D | C] -- \rsit
[2010/04/20 17:31:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/20 17:31:45 | 000,000,000 | -HSD | C] -- \Config.Msi
[2010/04/16 23:27:52 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\Medical Supplement Info
[2010/04/14 08:25:40 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 08:25:40 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 08:25:38 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 08:25:33 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/14 08:25:33 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/11 18:38:56 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\ELCO
[2010/04/05 11:45:12 | 000,099,840 | ---- | C] (Broderbund Properties LLC) -- C:\Windows\System32\IMgr.ocx
[2010/04/05 11:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Broderbund Software
[2010/04/05 11:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Calendar Creator
[2010/04/03 17:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/03 17:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/03 17:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/31 19:39:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/31 19:39:23 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/31 19:39:23 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/31 19:39:23 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/31 19:39:23 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/31 19:39:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/31 19:39:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/31 19:39:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/31 19:39:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/31 19:39:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/31 19:39:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/31 19:39:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/31 19:39:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/31 19:39:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/31 19:39:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/28 21:44:01 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\AT&T Wi-Fi
[2010/03/20 00:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\MailWasher Pro 2010 Beta
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/03/10 23:16:14 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Avery
[2010/03/10 11:08:08 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/10 11:08:07 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/09 12:58:45 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\SFG
[2010/03/07 12:57:55 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Smart PDF Converter Pro
[2010/02/23 18:54:45 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 18:54:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 18:54:16 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 18:54:16 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 18:54:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 18:54:15 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 18:54:15 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 18:54:15 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 18:54:15 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 18:54:15 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 18:54:15 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/23 18:54:13 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/23 18:54:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/23 18:54:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/12 11:46:14 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2010/02/12 11:46:14 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2010/02/09 15:55:20 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 15:55:20 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 15:55:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/09 15:55:20 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/01/28 02:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/01/28 02:45:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/01/28 02:45:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/01/28 02:45:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/01/21 13:13:58 | 000,044,080 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2009/04/21 11:14:06 | 000,455,928 | ---- | C] (Stardock) -- C:\Program Files\Common Files\StardockWeather.ocx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/21 11:47:11 | 008,126,464 | -H-- | M] () -- C:\Users\Rick\ntuser.dat
[2010/04/21 11:46:49 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 11:46:49 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 11:45:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/21 11:43:10 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2010/04/21 10:08:20 | 002,055,860 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\Cat.DB
[2010/04/21 09:55:32 | 000,248,320 | ---- | M] () -- C:\Users\Rick\Desktop\Graduation Event Dates & Times.doc
[2010/04/21 09:45:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/21 07:46:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/20 22:57:07 | 000,000,128 | ---- | M] () -- C:\Users\Rick\Desktop\Umbo Bluetooth Earbud.url
[2010/04/20 19:00:44 | 000,000,177 | ---- | M] () -- C:\Users\Rick\Desktop\Johns Hopkins Health Alerts.url
[2010/04/20 18:48:33 | 000,713,158 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/20 18:48:33 | 000,611,788 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/20 18:48:33 | 000,106,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/20 18:40:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/20 18:40:40 | 2137,427,968 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/20 18:39:03 | 000,524,288 | -HS- | M] () -- C:\Users\Rick\ntuser.dat{d644a900-d707-11de-88ac-00037ab1e5ce}.TMContainer00000000000000000001.regtrans-ms
[2010/04/20 18:39:03 | 000,065,536 | -HS- | M] () -- C:\Users\Rick\ntuser.dat{d644a900-d707-11de-88ac-00037ab1e5ce}.TM.blf
[2010/04/20 18:38:59 | 003,300,407 | -H-- | M] () -- C:\Users\Rick\AppData\Local\IconCache.db
[2010/04/20 18:10:59 | 000,380,956 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/19 22:48:37 | 000,000,256 | ---- | M] () -- C:\Windows\System32\TweakVI.val
[2010/04/19 09:10:00 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\AdAwareUpdate Weekly software update.job
[2010/04/18 21:11:37 | 001,886,483 | ---- | M] () -- C:\Users\Rick\Desktop\Long-Term Care Info.mht
[2010/04/18 07:07:54 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010/04/16 13:42:48 | 000,000,636 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Rick - Full System Scan.job
[2010/04/16 08:13:16 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B71D2D97-D49C-46E6-8824-6B4B2FF44829}.job
[2010/04/13 21:48:45 | 000,021,504 | ---- | M] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/07 13:36:23 | 000,000,209 | ---- | M] () -- C:\Users\Rick\Desktop\Facebook CBS PAGE REUNION.url
[2010/04/05 10:53:54 | 000,000,349 | ---- | M] () -- C:\Users\Rick\Desktop\JCP Rewards Member Sweepstakes.url
[2010/04/03 18:24:20 | 000,000,299 | ---- | M] () -- C:\Users\Rick\Desktop\JCPenney OrderConfirmation.url
[2010/03/30 15:38:07 | 000,000,036 | ---- | M] () -- C:\Users\Rick\AppData\Local\housecall.guid.cache
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/29 09:30:31 | 000,006,648 | ---- | M] () -- C:\Users\Rick\AppData\Local\d3d9caps.dat
[2010/03/26 17:57:35 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\isolate.ini
[2010/03/24 08:21:38 | 000,377,782 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100324-082620.backup
[2010/03/23 14:47:06 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100324-082137.backup
[2010/03/18 10:35:37 | 000,000,222 | ---- | M] () -- C:\Users\Rick\Desktop\Home (Ladue1970).url
[2010/03/18 10:31:10 | 000,014,634 | ---- | M] () -- C:\Users\Rick\Documents\Pocket Notecard.docx
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/03/15 11:16:21 | 000,000,174 | ---- | M] () -- C:\Users\Rick\Desktop\National Train Day 2010 (5-08-10).url
[2010/03/13 17:44:09 | 000,168,640 | ---- | M] () -- C:\Users\Rick\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/13 17:37:46 | 000,536,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/07 14:01:42 | 000,000,883 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ObjectDock.lnk
[2010/03/05 07:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/03/01 20:32:06 | 000,007,442 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.cat
[2010/03/01 20:32:06 | 000,007,438 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.cat
[2010/02/26 19:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\ironx86.sys
[2010/02/26 19:23:54 | 000,007,438 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\iron.cat
[2010/02/26 19:23:54 | 000,000,741 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\iron.inf
[2010/02/26 19:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.sys
[2010/02/26 19:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.sys
[2010/02/26 19:23:21 | 000,001,388 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.inf
[2010/02/26 19:23:21 | 000,001,382 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.inf
[2010/02/25 16:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.sys
[2010/02/25 10:54:56 | 000,007,396 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.cat
[2010/02/22 23:35:21 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/02/22 23:34:49 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/02/22 23:34:49 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/02/22 23:34:06 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/02/22 23:33:59 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/02/22 23:33:45 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/02/22 23:33:45 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/02/22 23:33:45 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/02/22 23:33:44 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/02/22 23:33:44 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/02/22 23:33:38 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/02/22 21:55:36 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/02/22 21:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/02/22 21:54:43 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/02/22 21:54:20 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/02/20 16:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/02/20 16:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/02/18 07:07:05 | 003,600,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/18 07:07:05 | 003,548,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/12 11:46:14 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2010/02/12 11:46:14 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2010/02/07 14:44:46 | 000,113,001 | ---- | M] () -- C:\Users\Rick\Desktop\max-romer622.pdf
[2010/02/05 13:52:57 | 000,001,754 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.inf
[2010/02/03 18:40:52 | 000,340,016 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\symtdiv.sys
[2010/02/03 18:40:51 | 000,007,787 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnetv.cat
[2010/02/03 18:40:51 | 000,007,368 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnet.cat
[2010/02/03 18:40:51 | 000,001,473 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnetv.inf
[2010/02/03 18:40:51 | 000,001,445 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnet.inf
[2010/02/03 18:40:50 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\symefa.sys
[2010/02/03 18:40:50 | 000,007,444 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\symefa.cat
[2010/02/03 18:40:50 | 000,003,374 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\symefa.inf
[2010/02/03 18:40:47 | 000,007,425 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\symds.cat
[2010/01/30 11:20:56 | 000,377,794 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100323-144706.backup
[2010/01/29 23:48:36 | 000,000,242 | ---- | M] () -- C:\Users\Rick\Desktop\Ford Test Drive Ticket Redemption.url
[2010/01/25 05:00:35 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/01/25 05:00:35 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/01/25 05:00:35 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/01/25 05:00:22 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/01/25 04:58:52 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/01/25 01:21:20 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/01/25 01:21:20 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/01/25 01:21:18 | 000,518,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/01/25 01:21:18 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/01/23 02:26:13 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/01/21 12:36:47 | 000,030,208 | ---- | M] () -- C:\Users\Rick\Documents\Stonefire Grill Employee Benefit Sheet.xls
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/20 22:57:07 | 000,000,128 | ---- | C] () -- C:\Users\Rick\Desktop\Umbo Bluetooth Earbud.url
[2010/04/20 19:00:44 | 000,000,177 | ---- | C] () -- C:\Users\Rick\Desktop\Johns Hopkins Health Alerts.url
[2010/04/18 21:11:32 | 001,886,483 | ---- | C] () -- C:\Users\Rick\Desktop\Long-Term Care Info.mht
[2010/04/12 09:50:39 | 000,248,320 | ---- | C] () -- C:\Users\Rick\Desktop\Graduation Event Dates & Times.doc
[2010/04/07 13:36:23 | 000,000,209 | ---- | C] () -- C:\Users\Rick\Desktop\Facebook CBS PAGE REUNION.url
[2010/04/05 11:45:11 | 002,359,352 | ---- | C] () -- C:\Windows\System32\ccsaver.bmp
[2010/04/05 11:45:11 | 000,087,040 | ---- | C] () -- C:\Windows\System32\ccsaver.scr
[2010/04/05 10:53:53 | 000,000,349 | ---- | C] () -- C:\Users\Rick\Desktop\JCP Rewards Member Sweepstakes.url
[2010/04/03 18:24:20 | 000,000,299 | ---- | C] () -- C:\Users\Rick\Desktop\JCPenney OrderConfirmation.url
[2010/03/30 15:38:07 | 000,000,036 | ---- | C] () -- C:\Users\Rick\AppData\Local\housecall.guid.cache
[2010/03/18 10:35:37 | 000,000,222 | ---- | C] () -- C:\Users\Rick\Desktop\Home (Ladue1970).url
[2010/03/18 10:31:09 | 000,014,634 | ---- | C] () -- C:\Users\Rick\Documents\Pocket Notecard.docx
[2010/03/15 11:16:21 | 000,000,174 | ---- | C] () -- C:\Users\Rick\Desktop\National Train Day 2010 (5-08-10).url
[2010/03/07 14:03:56 | 000,000,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ObjectDock.lnk
[2010/02/07 14:44:46 | 000,113,001 | ---- | C] () -- C:\Users\Rick\Desktop\max-romer622.pdf
[2010/01/29 23:48:36 | 000,000,242 | ---- | C] () -- C:\Users\Rick\Desktop\Ford Test Drive Ticket Redemption.url
[2010/01/21 12:36:47 | 000,030,208 | ---- | C] () -- C:\Users\Rick\Documents\Stonefire Grill Employee Benefit Sheet.xls
[2009/11/21 18:56:42 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\ntuser.dat{d644a900-d707-11de-88ac-00037ab1e5ce}.TMContainer00000000000000000002.regtrans-ms
[2009/11/21 18:56:42 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\ntuser.dat{d644a900-d707-11de-88ac-00037ab1e5ce}.TMContainer00000000000000000001.regtrans-ms
[2009/11/21 18:56:42 | 000,065,536 | -HS- | C] () -- C:\Users\Rick\ntuser.dat{d644a900-d707-11de-88ac-00037ab1e5ce}.TM.blf
[2009/11/21 18:39:45 | 2137,427,968 | -HS- | C] () --
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/26 11:27:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/01 18:30:41 | 000,000,024 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\Final Draft Tagger Preferences
[2009/05/01 17:57:42 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2009/02/02 08:59:03 | 000,064,732 | ---- | C] () -- \aaw7boot.log
[2008/12/10 19:35:05 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2008/12/10 19:35:05 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2008/11/24 13:52:17 | 000,004,096 | -HS- | C] () -- \VSNAP.IDX
[2008/11/24 12:55:37 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{e0e18f2e-ba5f-11dd-abcf-00037ab1e5ce}.TMContainer00000000000000000002.regtrans-ms
[2008/11/24 12:55:37 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{e0e18f2e-ba5f-11dd-abcf-00037ab1e5ce}.TMContainer00000000000000000001.regtrans-ms
[2008/11/24 12:55:37 | 000,065,536 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{e0e18f2e-ba5f-11dd-abcf-00037ab1e5ce}.TM.blf
[2008/11/20 13:32:23 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2008/11/19 17:29:50 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2008/11/12 11:30:36 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{98f26d39-b0cc-11dd-8433-00037ab1e5ce}.TMContainer00000000000000000002.regtrans-ms
[2008/11/12 11:30:36 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{98f26d39-b0cc-11dd-8433-00037ab1e5ce}.TMContainer00000000000000000001.regtrans-ms
[2008/11/12 11:30:35 | 000,065,536 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{98f26d39-b0cc-11dd-8433-00037ab1e5ce}.TM.blf
[2008/11/04 14:06:52 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{ff1b362c-aab3-11dd-83b5-00037ab1e5ce}.TMContainer00000000000000000002.regtrans-ms
[2008/11/04 14:06:51 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{ff1b362c-aab3-11dd-83b5-00037ab1e5ce}.TMContainer00000000000000000001.regtrans-ms
[2008/11/04 14:06:50 | 000,065,536 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{ff1b362c-aab3-11dd-83b5-00037ab1e5ce}.TM.blf
[2008/11/04 13:57:51 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{21fb7c0c-aab3-11dd-8106-00037ab1e5ce}.TMContainer00000000000000000002.regtrans-ms
[2008/11/04 13:57:51 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{21fb7c0c-aab3-11dd-8106-00037ab1e5ce}.TMContainer00000000000000000001.regtrans-ms
[2008/11/04 13:57:51 | 000,065,536 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{21fb7c0c-aab3-11dd-8106-00037ab1e5ce}.TM.blf
[2008/10/25 17:18:49 | 000,019,564 | ---- | C] () -- \ComboFix.txt
[2008/09/25 08:05:54 | 000,026,000 | ---- | C] () -- C:\Windows\System32\E3TL.DLL
[2008/09/19 09:13:53 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/09/03 18:27:40 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{9778995f-7a20-11dd-a19f-00037ab1e5ce}.TMContainer00000000000000000002.regtrans-ms
[2008/09/03 18:27:40 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{9778995f-7a20-11dd-a19f-00037ab1e5ce}.TMContainer00000000000000000001.regtrans-ms
[2008/09/03 18:27:40 | 000,065,536 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{9778995f-7a20-11dd-a19f-00037ab1e5ce}.TM.blf
[2008/09/03 18:26:25 | 000,262,144 | -H-- | C] () -- C:\Users\Rick\NTUSER.LMIRescue.TMP.LOG1
[2008/09/03 18:26:25 | 000,000,000 | -H-- | C] () -- C:\Users\Rick\NTUSER.LMIRescue.TMP.LOG2
[2008/07/13 08:53:34 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008/06/29 13:03:19 | 000,025,736 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/05/11 09:18:56 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/05/04 09:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2008/03/30 10:29:16 | 000,000,818 | ---- | C] () -- \Prefs.js
[2008/03/25 13:49:03 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2008/03/25 13:49:03 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008/02/24 23:29:29 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2008/02/19 16:52:57 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2008/02/19 16:50:43 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2008/02/13 16:29:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/01/30 18:56:42 | 000,000,000 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\wklnhst.dat
[2007/12/03 10:16:23 | 000,001,710 | R--- | C] () -- C:\Windows\fjtmf.ini
[2007/12/02 09:22:04 | 000,021,504 | ---- | C] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/20 16:12:13 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007/11/20 16:12:13 | 000,524,288 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007/11/20 16:12:13 | 000,262,144 | -H-- | C] () -- C:\Users\Rick\ntuser.dat.LOG1
[2007/11/20 16:12:13 | 000,065,536 | -HS- | C] () -- C:\Users\Rick\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007/11/20 16:12:13 | 000,006,648 | ---- | C] () -- C:\Users\Rick\AppData\Local\d3d9caps.dat
[2007/11/20 16:12:13 | 000,000,000 | -H-- | C] () -- C:\Users\Rick\ntuser.dat.LOG2
[2007/11/20 16:12:06 | 008,126,464 | -H-- | C] () -- C:\Users\Rick\ntuser.dat
[2007/11/20 16:12:06 | 000,000,020 | -HS- | C] () -- C:\Users\Rick\ntuser.ini
[2007/11/05 07:33:24 | 2451,243,008 | -HS- | C] () --
[2007/04/16 12:27:14 | 000,003,155 | ---- | C] () -- C:\Windows\System32\FJSaver.ini
[2007/04/16 12:01:27 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/04/16 12:01:27 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/04/06 15:17:15 | 000,333,257 | RHS- | C] () -- \bootmgr
[2007/04/03 10:59:38 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2006/12/13 19:16:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/07 07:02:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/11/07 07:02:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:09 | 000,000,024 | ---- | C] () -- \Autoexec.bat
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:08 | 000,000,010 | ---- | C] () -- \Config.sys
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Files - Unicode (All) ==========
[2010/01/31 23:25:57 | 000,000,008 | RHS- | M] ()(C:\Z™?) -- C:\ℤ™☠
[2009/07/31 12:16:51 | 000,000,008 | RHS- | C] ()(C:\Z™?) -- C:\ℤ™☠
[2009/07/31 12:16:51 | 000,000,008 | RHS- | C] ()(\Z™?) -- \ℤ™☠

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >



OTL Extras logfile created on: 4/21/2010 11:48:40 AM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Rick\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.28 Gb Total Space | 43.24 Gb Free Space | 39.56% Space Free | Partition Type: NTFS
Drive D: | 1023.99 Mb Total Space | 985.19 Mb Free Space | 96.21% Space Free | Partition Type: NTFS
Drive E: | 3.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RDY-1
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3836192299-951331460-3705126066-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3836192299-951331460-3705126066-1000]
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{218ABA0E-8B79-4B77-A097-093C73F58F8D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A90F7B7-C480-414D-AF17-0435269F11DF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3D9FD594-185F-4463-92E3-AF483D1ED34E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51966A0A-E8D7-4429-B85A-7830FC82C481}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5DEB120E-C822-4881-B1F7-33AE3FB48163}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E8E7794-A5A1-4050-9976-D1EFB13FBC3B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B82324FB-DD8E-4A74-A70D-BB01959FCDB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCEFE1C8-BBCE-4D3B-B968-B5DDE565E277}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5EE84F5-B531-4995-92C7-320BCF65333F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DFC74666-A502-4A8E-9908-B7C3BC762FE6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06CE335C-FD4E-44A3-808E-1803CC6645B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0E05B359-043F-4EF7-9F40-6B3C17D40BB9}" = protocol=17 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\ttax.exe |
"{1BCB1F93-E41E-4C1C-A7D1-06744C9F8CE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{248255C8-1029-4768-8B6D-EED8F1F0B790}" = protocol=6 | dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{27998AFE-55A9-4BB5-A76D-B4A53894EA14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{336906D8-1B02-4AA7-BA7E-AAE9EA651E87}" = protocol=17 | dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{362E4D34-AC33-4C91-9314-79F6C6558941}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{36B29A84-522E-4405-AEA0-7908F672C39E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4DD50DBE-ADFE-424C-A45B-21E443977588}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4FEE9114-F2B0-4F2E-A55C-9468EA0894C0}" = protocol=17 | dir=in | app=c:\program files\mailwasher pro\mailwasher.exe |
"{7F4C4570-D2F7-40BC-B47D-ABA9AD2845E2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F9A00CC-837A-4AA3-8D90-AB0996E08A62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{835865F1-634D-466F-A6BE-CB7C101B8A86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C413B02-3360-4CCE-BE3E-A5FAE6FE2CB8}" = protocol=6 | dir=in | app=c:\program files\mailwasher pro\mailwasher.exe |
"{8EE28B77-0D36-4154-ADAD-34382617BEC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F80395E-9A53-4091-AD39-8046227F6FD0}" = protocol=6 | dir=out | app=system |
"{BC8E1551-7069-468E-B3E8-EB59B5861EC7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD02D22E-6BF0-4BC6-A860-C3D3B9AB52D7}" = protocol=6 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\updatemgr.exe |
"{BE02EFDE-1CCF-44BA-AA4E-6D64E97B03FF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CDF26890-1476-47A8-A430-CF3DD2238F64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB293FF2-9EED-459D-8F8F-4CCF5907F797}" = protocol=6 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\ttax.exe |
"{DF49C840-1144-4BA1-B2A4-0984A6654FAD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E0678986-E444-4869-B718-B54C7403054E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EC6E6F96-2A93-46CF-B843-F8E2E7B80632}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F3ED9B60-D2C1-4CAB-A465-559CDA508590}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB2DACD0-3109-4021-8D98-BF20E6D0CE9F}" = protocol=17 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\updatemgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.5
"{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{47BC37A3-35C8-484A-8CBD-851914EB095E}" = Fujitsu Driver Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FDFCCA0-59EC-4162-B0B8-632EEE3DF787}" = WebIQ Technology Engine
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{713EEAB9-A03B-47F3-B405-12F6B77D875E}" = O2Micro Flash Memory Card Windows Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76C038B6-95BF-47CE-85C8-2EE5915D145C}" = Diskeeper 2009 Professional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime
"{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager and Intel® Turbo Memory
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF095E1-8EC2-4892-8740-93769DB1E944}" = User Agent String Utility
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0255743-165B-4BD5-8DA8-37DFB993B201}" = Norton Save and Restore
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C7D2E795-E802-41EE-81E7-CF0D986AC5EC}" = MailWasherPro
"{C9C54891-3688-4BE1-9749-56B50C6C37E9}" = Fujitsu Display Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E80F9F48-86F8-447D-8CDC-A98B1870C1D4}" = Taskix 2.1
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC2ADB7C-8A45-40C9-BFD1-18F22D9A7DF5}" = AuthenTec Fingerprint Sensor Minimum Install
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel(R) PROSet/Wireless WiFi Software
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.62
"{FE047432-CD76-41F9-88FA-1AD225604FFB}" = ProgramChecker
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for 2007 Microsoft Office Suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Autoplay Repair" = Autoplay Repair 2.2.2
"AVerMedia HC80 ExpressCard Hybrid ATSC" = AVerMedia HC80 ExpressCard Hybrid ATSC 1.3.0.56
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CC12_is1" = Calendar Creator 12
"CCleaner" = CCleaner
"Click'N Design 3D" = Click'N Design 3D
"ContextAdvisor" = ContextAdvisor
"Defraggler" = Defraggler
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{713EEAB9-A03B-47F3-B405-12F6B77D875E}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{C9C54891-3688-4BE1-9749-56B50C6C37E9}" = Fujitsu Display Manager
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NIS" = Norton Internet Security
"ObjectDock" = ObjectDock
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office System
"ProInst" = Intel PROSet Wireless
"Samsung ML-2150 Series" = Samsung ML-2150 Series
"Samsung ML-2150 Series PCL 6" = Samsung ML-2150 Series PCL 6
"Samsung ML-2150 Series PS" = Samsung ML-2150 Series PS
"Security Task Manager" = Security Task Manager 1.7f
"Tablet Driver" = Tablet
"Text Cleanup 2.0" = Text Cleanup 2.0
"TweakVI" = TweakVI
"Window Washer" = Window Washer
"ZTreeWin" = ZTreeWin (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3836192299-951331460-3705126066-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
rdy423
Regular Member
 
Posts: 17
Joined: April 15th, 2010, 10:17 pm

Re: HijackThis Log

Post by Cypher » April 22nd, 2010, 12:15 pm

Hi rdy423.
Sorry for the delay, I didn't get email notification of your post.
Good work, please continue with the instructions below.

Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it. If Windows UAC prompts you, please allow it.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    Code: Select all
    :otl
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O33 - MountPoints2\{89d3ba88-4613-11dd-b44b-00037ab1e5ce}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
    O33 - MountPoints2\{f816b7f8-2133-11de-9566-00037ab1e5ce}\Shell - "" = AutoRun
    O33 - MountPoints2\{f816b7f8-2133-11de-9566-00037ab1e5ce}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
    
    :files
    C:\Windows\tasks\AdAwareUpdate Weekly software update.job
    
    :commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Next.

Turn off Norton Internet Security

  • Start Norton Internet Security.
  • In the left pane, click Status & Settings.
  • Click Security.
  • Click Turn off.
  • Note: Don't forget to re-enable it after the below scan.

Next.

Kaspersky Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan. * This will take a while. Please be patient *.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.


Logs/Information to Post in your Next Reply

  • OTL log.
  • Kaspersky log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HijackThis Log

Post by rdy423 » April 23rd, 2010, 1:18 pm

Hi Cypher,

I ran OTL.exe and rebooted my computer afterwards, as instructed, but I think I may have closed the Notepad report without saving it and now I am unable to get it back. I ran OTL a second time, but it did NOT create a report the second time around. Please advise what to do to correct this and get OTL to produce a report.

Below is the report produced by the online Kaspersky scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, April 23, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, April 23, 2010 01:28:25
Records in database: 3969626
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 148431
Threats found: 1
Infected objects found: 0
Suspicious objects found: 3
Scan duration: 02:48:49


File name / Threat / Threats count
C:\Users\Rick\AppData\Local\Microsoft\Windows Mail\Local Folders\Sent Items\0BD97C58-0000004B.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Rick\AppData\Local\Microsoft\Windows Mail\Local Folders\Sent Items\17FF798C-00000608.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\Rick\AppData\Local\Microsoft\Windows Mail\Local Folders\Sent Items\71AD733C-00000283.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1

Selected area has been scanned.

Re: HijackThis Log

Post by Cypher » April 23rd, 2010, 2:44 pm

Hi rdy423.
rdy423 wrote: I ran OTL.exe and rebooted my computer afterwards, as instructed, but I think I may have closed the Notepad report without saving it and now I am unable to get it back.

The log should be saved to your PC.
Go to C: > OTL > Moved Files <<< the log will be here

What the Kaspersky scan found are stored emails in your Sent Items folder within your Windows Live email account.
Delete the emails in your sent folder and any old emails that you don't need.

Re: HijackThis Log

Post by rdy423 » April 23rd, 2010, 5:15 pm

Okay, so I found the OTL report, but I'm not sure how to delete emails in Windows Live. Can you help me with that?


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89d3ba88-4613-11dd-b44b-00037ab1e5ce}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89d3ba88-4613-11dd-b44b-00037ab1e5ce}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f816b7f8-2133-11de-9566-00037ab1e5ce}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f816b7f8-2133-11de-9566-00037ab1e5ce}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f816b7f8-2133-11de-9566-00037ab1e5ce}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f816b7f8-2133-11de-9566-00037ab1e5ce}\ not found.
File F:\AutoRun.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck lsdelete deleted successfully.
========== FILES ==========
C:\Windows\tasks\AdAwareUpdate Weekly software update.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65893 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rick
->Temp folder emptied: 3242121 bytes
->Temporary Internet Files folder emptied: 39350372 bytes
->Java cache emptied: 83218980 bytes
->FireFox cache emptied: 20847859 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 303889 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 140.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.1.3 log created on 04222010_192247

Files\Folders moved on Reboot...
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TI1IWXQM\blank[1].html moved successfully.
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TI1IWXQM\blank[2].html moved successfully.
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TI1IWXQM\blank[3].html moved successfully.
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TI1IWXQM\launch[1].htm moved successfully.
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EH2C8GEV\iframe3[1].htm moved successfully.
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EH2C8GEV\viewtopic[1].htm moved successfully.
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AVMJG3XO\fc[1].htm moved successfully.
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35LEQ5Y9\fc[2].htm moved successfully.
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35LEQ5Y9\st[2] moved successfully.
C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
rdy423
Regular Member
 
Posts: 17
Joined: April 15th, 2010, 10:17 pm

Re: HijackThis Log

Post by Cypher » April 24th, 2010, 5:50 am

Hi rdy423.
I'm not sure how to delete emails in Windows Live.

You have infected emails; unfortunately, I cannot tell which one or ones it is. What I need you to do is go through all of your emails in your sent box, and any other saved boxes you may have. Please delete any that you don't want/need/recognize. Odds are that the infected email will have an attachment or at least a link. Therefore, do not open any attachments or click on any links.
My Fujutsi A6030 notebook is suddenly very sluggish. It seems that the hard drive runs almost continuously and the machine suddenly takes several minutes to shut down or startup.

The problems you are still experiencing are not coming from malware as all of your latest logs have come back clean.
When I am faced with this type of problem I go to these sites below. I have asked for help there myself and they have always been able to solve my problems.

Tech support guy


And

What the tech


So as I said above your logs are clean, I hope you can resolve your other problem with the links that I provided.

Is your pc running slow?
Read What to do if your Computer is running slowly

This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL

  • Right-click OTL.exe and select "Run as administrator" to run it. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CleanUp! button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Next.

Create a new, clean System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush infected System Restore points

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection.
  • Untick the box labeled Vista C: and click Turn off system restore.
  • Click Apply and OK.
  • Restart your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

Read some information HERE on how to prevent malware

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HijackThis Log

Post by rdy423 » April 24th, 2010, 1:36 pm

Cypher,

My computer is definitely running more smoothly and it also seems to be booting up faster, which were my main concerns. Thanks for all your help. I will check out the recommended sites you provided in your last post and trust this issue is now resolved.
rdy423
Regular Member
 
Posts: 17
Joined: April 15th, 2010, 10:17 pm

Re: HijackThis Log

Post by Cypher » April 24th, 2010, 1:43 pm

Hi rdy423.
You're welcome, good luck and stay safe.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HijackThis Log

Post by rdy423 » April 24th, 2010, 1:52 pm

Cypher, I have one quick question to ask. When I was doing all the system checks, a pop-up told me I had to update java. I did so, but now when I reboot my computer, there are two (2) java icons in my systray. Both show they are for version 1.6.0_20. Does this mean java is running twice? I assume this is not the correct way java is supposed to load -- how do I correct this?
rdy423
Regular Member
 
Posts: 17
Joined: April 15th, 2010, 10:17 pm

Re: HijackThis Log

Post by Cypher » April 24th, 2010, 2:08 pm

Just right-click on the java icon then choose hide, it's not a problem ;)
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns