trojan horse Generic13.BQVW [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

trojan horse Generic13.BQVW [Solved], AVG will not uninstall Malwarebytes will not install

Options

dogee54 View Member Profile	Jul 28 2009, 07:03 PM Post #1
Member Posts: 34 OS: windows xp	I have tried all the tricks I learn from Geeks to Go and none will work on this virus. AVG keeps giving the message that multiple theat detection. Will not move the files to the vault. Trojan horse generic 13.BQVW,Trojan horse FakeAlert.FX. Malwarebytes gives the message that windows has an error. Spyware Doctor scans but does not detect these viruses. I had a great experience with this web site before. This is a Vista Home Premium laptop. Thanks for your assistance.

chamber View Member Profile	Jul 29 2009, 05:05 PM Post #2
Trusted Helper Posts: 1,823 From: ~/ OS: Linux all the way!	Hello dogee54, Welcome to GeeksToGo! My name is chamber and I'll be helping you today. As I am still in training all of my posts have to checked by an expert so there may be some delay between replies. Before we proceed to clean your computer from malware there are some points you should consider that will make the process go smoother. Please have patience, logs take time to properly research so I will not be able to reply immediately. Make sure that you are set to receive an email when I do reply to this topic, this will ensure that you don't miss any replies. There are no silly questions so please just ask! Better safe than sorry. Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know. NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, just ask! Make sure you reply to this thread only, do not start new topics. Please read my posts completely before following the instructions. The first thing that I need you to do is follow all the steps HERE and copy and paste the requested logs in your reply.

dogee54 View Member Profile	Jul 29 2009, 07:21 PM Post #3
Member Posts: 34 OS: windows xp	OOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/07/29 20:12 Program Version: Version 1.3.3.0 Windows Version: Windows Vista SP1 ================================================== Drivers ------------------- Name: 1394BUS.SYS Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS Address: 0x8C0D6000 Size: 57344 File Visible: - Signed: - Status: - Name: acpi.sys Image Path: C:\Windows\system32\drivers\acpi.sys Address: 0x80696000 Size: 286720 File Visible: - Signed: - Status: - Name: ACPI_HAL Image Path: \Driver\ACPI_HAL Address: 0x8201A000 Size: 3903488 File Visible: - Signed: - Status: - Name: afd.sys Image Path: C:\Windows\system32\drivers\afd.sys Address: 0x8C308000 Size: 294912 File Visible: - Signed: - Status: - Name: AGRSM.sys Image Path: C:\Windows\system32\DRIVERS\AGRSM.sys Address: 0x8C606000 Size: 1161888 File Visible: - Signed: - Status: - Name: Apfiltr.sys Image Path: C:\Windows\system32\DRIVERS\Apfiltr.sys Address: 0x8C16C000 Size: 163840 File Visible: - Signed: - Status: - Name: aswFsBlk.sys Image Path: C:\Windows\system32\DRIVERS\aswFsBlk.sys Address: 0xA4A21000 Size: 32768 File Visible: - Signed: - Status: - Name: aswMonFlt.sys Image Path: C:\Windows\system32\DRIVERS\aswMonFlt.sys Address: 0xA4A0A000 Size: 94208 File Visible: - Signed: - Status: - Name: aswRdr.SYS Image Path: C:\Windows\System32\Drivers\aswRdr.SYS Address: 0x8C7FC000 Size: 15136 File Visible: - Signed: - Status: - Name: aswSP.SYS Image Path: C:\Windows\System32\Drivers\aswSP.SYS Address: 0x8C3DA000 Size: 135168 File Visible: - Signed: - Status: - Name: aswTdi.SYS Image Path: C:\Windows\System32\Drivers\aswTdi.SYS Address: 0x8C7F1000 Size: 41664 File Visible: - Signed: - Status: - Name: atapi.sys Image Path: C:\Windows\system32\drivers\atapi.sys Address: 0x807E5000 Size: 32768 File Visible: - Signed: - Status: - Name: ataport.SYS Image Path: C:\Windows\system32\drivers\ataport.SYS Address: 0x805B0000 Size: 122880 File Visible: - Signed: - Status: - Name: athr.sys Image Path: C:\Windows\system32\DRIVERS\athr.sys Address: 0x8C005000 Size: 790528 File Visible: - Signed: - Status: - Name: BATTC.SYS Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS Address: 0x80730000 Size: 40960 File Visible: - Signed: - Status: - Name: Beep.SYS Image Path: C:\Windows\System32\Drivers\Beep.SYS Address: 0x8C743000 Size: 28672 File Visible: - Signed: - Status: - Name: BOOTVID.dll Image Path: C:\Windows\system32\BOOTVID.dll Address: 0x80487000 Size: 32768 File Visible: - Signed: - Status: - Name: bowser.sys Image Path: C:\Windows\system32\DRIVERS\bowser.sys Address: 0xA4BB7000 Size: 102400 File Visible: - Signed: - Status: - Name: cdd.dll Image Path: C:\Windows\System32\cdd.dll Address: 0x93CF0000 Size: 57344 File Visible: - Signed: - Status: - Name: cdfs.sys Image Path: C:\Windows\system32\DRIVERS\cdfs.sys Address: 0xA9B47000 Size: 90112 File Visible: - Signed: - Status: - Name: Cdr4_xp.SYS Image Path: C:\Windows\System32\Drivers\Cdr4_xp.SYS Address: 0x8C731000 Size: 2432 File Visible: - Signed: - Status: - Name: Cdralw2k.SYS Image Path: C:\Windows\System32\Drivers\Cdralw2k.SYS Address: 0x8C732000 Size: 2560 File Visible: - Signed: - Status: - Name: cdrom.sys Image Path: C:\Windows\system32\DRIVERS\cdrom.sys Address: 0x8C1A4000 Size: 98304 File Visible: - Signed: - Status: - Name: CI.dll Image Path: C:\Windows\system32\CI.dll Address: 0x804D0000 Size: 917504 File Visible: - Signed: - Status: - Name: CLASSPNP.SYS Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS Address: 0x82D3C000 Size: 135168 File Visible: - Signed: - Status: - Name: CLFS.SYS Image Path: C:\Windows\system32\CLFS.SYS Address: 0x8048F000 Size: 266240 File Visible: - Signed: - Status: - Name: CmBatt.sys Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys Address: 0x8C14A000 Size: 14208 File Visible: - Signed: - Status: - Name: compbatt.sys Image Path: C:\Windows\system32\DRIVERS\compbatt.sys Address: 0x8072D000 Size: 10496 File Visible: - Signed: - Status: - Name: crashdmp.sys Image Path: C:\Windows\System32\Drivers\crashdmp.sys Address: 0x8B800000 Size: 53248 File Visible: - Signed: - Status: - Name: crcdisk.sys Image Path: C:\Windows\system32\drivers\crcdisk.sys Address: 0x82FE9000 Size: 36864 File Visible: - Signed: - Status: - Name: dfsc.sys Image Path: C:\Windows\System32\Drivers\dfsc.sys Address: 0x8C3C3000 Size: 94208 File Visible: - Signed: - Status: - Name: disk.sys Image Path: C:\Windows\system32\drivers\disk.sys Address: 0x82FD8000 Size: 69632 File Visible: - Signed: - Status: - Name: drmk.sys Image Path: C:\Windows\system32\drivers\drmk.sys Address: 0x8C2CF000 Size: 151552 File Visible: - Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x8C297000 Size: 45056 File Visible: No Signed: - Status: - Name: dump_msahci.sys Image Path: C:\Windows\System32\Drivers\dump_msahci.sys Address: 0x82FF2000 Size: 40960 File Visible: No Signed: - Status: - Name: Dxapi.sys Image Path: C:\Windows\System32\drivers\Dxapi.sys Address: 0x827E6000 Size: 40960 File Visible: - Signed: - Status: - Name: dxgkrnl.sys Image Path: C:\Windows\System32\drivers\dxgkrnl.sys Address: 0x8BE45000 Size: 651264 File Visible: - Signed: - Status: - Name: ecache.sys Image Path: C:\Windows\System32\drivers\ecache.sys Address: 0x82FB1000 Size: 159744 File Visible: - Signed: - Status: - Name: fileinfo.sys Image Path: C:\Windows\system32\drivers\fileinfo.sys Address: 0x82603000 Size: 65536 File Visible: - Signed: - Status: - Name: fltmgr.sys Image Path: C:\Windows\system32\drivers\fltmgr.sys Address: 0x805CE000 Size: 204800 File Visible: - Signed: - Status: - Name: Fs_Rec.SYS Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS Address: 0x8C733000 Size: 36864 File Visible: - Signed: - Status: - Name: fwpkclnt.sys Image Path: C:\Windows\System32\drivers\fwpkclnt.sys Address: 0x82D21000 Size: 110592 File Visible: - Signed: - Status: - Name: GEARAspiWDM.sys Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys Address: 0x8C1BD000 Size: 9472 File Visible: - Signed: - Status: - Name: hal.dll Image Path: C:\Windows\system32\hal.dll Address: 0x823D3000 Size: 208896 File Visible: - Signed: - Status: - Name: HDAudBus.sys Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys Address: 0x8BF49000 Size: 73728 File Visible: - Signed: - Status: - Name: HIDCLASS.SYS Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS Address: 0x82DEA000 Size: 65536 File Visible: - Signed: - Status: - Name: HIDPARSE.SYS Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS Address: 0x82D5D000 Size: 28672 File Visible: - Signed: - Status: - Name: hidusb.sys Image Path: C:\Windows\system32\DRIVERS\hidusb.sys Address: 0x82DE1000 Size: 36864 File Visible: - Signed: - Status: - Name: HTTP.sys Image Path: C:\Windows\system32\drivers\HTTP.sys Address: 0xA4B2F000 Size: 438272 File Visible: - Signed: - Status: - Name: i8042prt.sys Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys Address: 0x8C14E000 Size: 77824 File Visible: - Signed: - Status: - Name: igdkmd32.sys Image Path: C:\Windows\system32\DRIVERS\igdkmd32.sys Address: 0x8B80E000 Size: 6516736 File Visible: - Signed: - Status: - Name: intelide.sys Image Path: C:\Windows\system32\drivers\intelide.sys Address: 0x80793000 Size: 28672 File Visible: - Signed: - Status: - Name: intelppm.sys Image Path: C:\Windows\system32\DRIVERS\intelppm.sys Address: 0x82D86000 Size: 61440 File Visible: - Signed: - Status: - Name: ipfltdrv.sys Image Path: C:\Windows\system32\DRIVERS\ipfltdrv.sys Address: 0xA771F000 Size: 73728 File Visible: - Signed: - Status: - Name: jswpslwf.sys Image Path: C:\Windows\system32\DRIVERS\jswpslwf.sys Address: 0x8C600000 Size: 20352 File Visible: - Signed: - Status: - Name: kbdclass.sys Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys Address: 0x8C161000 Size: 45056 File Visible: - Signed: - Status: - Name: kdcom.dll Image Path: C:\Windows\system32\kdcom.dll Address: 0x8040E000 Size: 32768 File Visible: - Signed: - Status: - Name: ks.sys Image Path: C:\Windows\system32\DRIVERS\ks.sys Address: 0x8C206000 Size: 172032 File Visible: - Signed: - Status: - Name: ksecdd.sys Image Path: C:\Windows\System32\Drivers\ksecdd.sys Address: 0x8263F000 Size: 462848 File Visible: - Signed: - Status: - Name: lltdio.sys Image Path: C:\Windows\system32\DRIVERS\lltdio.sys Address: 0xA4A29000 Size: 65536 File Visible: - Signed: - Status: - Name: LPCFilter.sys Image Path: C:\Windows\system32\DRIVERS\LPCFilter.sys Address: 0x80714000 Size: 40960 File Visible: - Signed: - Status: - Name: LVPr2Mon.sys Image Path: C:\Windows\system32\DRIVERS\LVPr2Mon.sys Address: 0xA9AF8000 Size: 18688 File Visible: - Signed: - Status: - Name: mcupdate_GenuineIntel.dll Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll Address: 0x80416000 Size: 393216 File Visible: - Signed: - Status: - Name: modem.sys Image Path: C:\Windows\system32\drivers\modem.sys Address: 0x8C724000 Size: 53248 File Visible: - Signed: - Status: - Name: monitor.sys Image Path: C:\Windows\system32\DRIVERS\monitor.sys Address: 0x827F0000 Size: 61440 File Visible: - Signed: - Status: - Name: mouclass.sys Image Path: C:\Windows\system32\DRIVERS\mouclass.sys Address: 0x8C194000 Size: 45056 File Visible: - Signed: - Status: - Name: mouhid.sys Image Path: C:\Windows\system32\DRIVERS\mouhid.sys Address: 0x82D64000 Size: 32768 File Visible: - Signed: - Status: - Name: mountmgr.sys Image Path: C:\Windows\System32\drivers\mountmgr.sys Address: 0x807D5000 Size: 65536 File Visible: - Signed: - Status: - Name: mpsdrv.sys Image Path: C:\Windows\System32\drivers\mpsdrv.sys Address: 0xA4BD0000 Size: 86016 File Visible: - Signed: - Status: - Name: mrxdav.sys Image Path: C:\Windows\system32\drivers\mrxdav.sys Address: 0xA7604000 Size: 131072 File Visible: - Signed: - Status: - Name: mrxsmb.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys Address: 0xA7624000 Size: 126976 File Visible: - Signed: - Status: - Name: mrxsmb10.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys Address: 0xA7643000 Size: 233472 File Visible: - Signed: - Status: - Name: mrxsmb20.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys Address: 0xA767C000 Size: 98304 File Visible: - Signed: - Status: - Name: msahci.sys Image Path: C:\Windows\system32\drivers\msahci.sys Address: 0x807ED000 Size: 40960 File Visible: - Signed: - Status: - Name: Msfs.SYS Image Path: C:\Windows\System32\Drivers\Msfs.SYS Address: 0x8C787000 Size: 45056 File Visible: - Signed: - Status: - Name: msisadrv.sys Image Path: C:\Windows\system32\drivers\msisadrv.sys Address: 0x806E5000 Size: 32768 File Visible: - Signed: - Status: - Name: msiscsi.sys Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys Address: 0x8C1D0000 Size: 188416 File Visible: - Signed: - Status: - Name: msrpc.sys Image Path: C:\Windows\system32\drivers\msrpc.sys Address: 0x827BB000 Size: 176128 File Visible: - Signed: - Status: - Name: mssmbios.sys Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys Address: 0x8C230000 Size: 40960 File Visible: - Signed: - Status: - Name: mup.sys Image Path: C:\Windows\System32\Drivers\mup.sys Address: 0x82FA2000 Size: 61440 File Visible: - Signed: - Status: - Name: ndis.sys Image Path: C:\Windows\system32\drivers\ndis.sys Address: 0x826B0000 Size: 1093632 File Visible: - Signed: - Status: - Name: ndistapi.sys Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys Address: 0x8BFD6000 Size: 45056 File Visible: - Signed: - Status: - Name: ndisuio.sys Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys Address: 0xA4A63000 Size: 40960 File Visible: - Signed: - Status: - Name: ndiswan.sys Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys Address: 0x82D95000 Size: 143360 File Visible: - Signed: - Status: - Name: NDProxy.SYS Image Path: C:\Windows\System32\Drivers\NDProxy.SYS Address: 0x8C286000 Size: 69632 File Visible: - Signed: - Status: - Name: netbios.sys Image Path: C:\Windows\system32\DRIVERS\netbios.sys Address: 0x8C366000 Size: 57344 File Visible: - Signed: - Status: - Name: netbt.sys Image Path: C:\Windows\System32\DRIVERS\netbt.sys Address: 0x8C7BF000 Size: 204800 File Visible: - Signed: - Status: - Name: NETIO.SYS Image Path: C:\Windows\system32\drivers\NETIO.SYS Address: 0x82C00000 Size: 237568 File Visible: - Signed: - Status: - Name: Npfs.SYS Image Path: C:\Windows\System32\Drivers\Npfs.SYS Address: 0x8C792000 Size: 57344 File Visible: - Signed: - Status: - Name: nsiproxy.sys Image Path: C:\Windows\system32\drivers\nsiproxy.sys Address: 0x8C5F5000 Size: 40960 File Visible: - Signed: - Status: - Name: Ntfs.sys Image Path: C:\Windows\System32\Drivers\Ntfs.sys Address: 0x82E02000 Size: 1110016 File Visible: - Signed: - Status: - Name: ntkrnlpa.exe Image Path: C:\Windows\system32\ntkrnlpa.exe Address: 0x8201A000 Size: 3903488 File Visible: - Signed: - Status: - Name: Null.SYS Image Path: C:\Windows\System32\Drivers\Null.SYS Address: 0x8C73C000 Size: 28672 File Visible: - Signed: - Status: - Name: nwifi.sys Image Path: C:\Windows\system32\DRIVERS\nwifi.sys Address: 0xA4A39000 Size: 172032 File Visible: - Signed: - Status: - Name: ohci1394.sys Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys Address: 0x8C0C6000 Size: 61952 File Visible: - Signed: - Status: - Name: pacer.sys Image Path: C:\Windows\system32\DRIVERS\pacer.sys Address: 0x8C350000 Size: 90112 File Visible: - Signed: - Status: - Name: partmgr.sys Image Path: C:\Windows\System32\drivers\partmgr.sys Address: 0x8071E000 Size: 61440 File Visible: - Signed: - Status: - Name: pci.sys Image Path: C:\Windows\system32\drivers\pci.sys Address: 0x806ED000 Size: 159744 File Visible: - Signed: - Status: - Name: PCIIDEX.SYS Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS Address: 0x8079A000 Size: 57344 File Visible: - Signed: - Status: - Name: pcmcia.sys Image Path: C:\Windows\system32\DRIVERS\pcmcia.sys Address: 0x807A8000 Size: 184320 File Visible: - Signed: - Status: - Name: PCTCore.sys Image Path: C:\Windows\system32\drivers\PCTCore.sys Address: 0x82613000 Size: 143360 File Visible: - Signed: - Status: - Name: peauth.sys Image Path: C:\Windows\system32\drivers\peauth.sys Address: 0xA9A04000 Size: 909312 File Visible: - Signed: - Status: - Name: PnpManager Image Path: \Driver\PnpManager Address: 0x8201A000 Size: 3903488 File Visible: - Signed: - Status: - Name: portcls.sys Image Path: C:\Windows\system32\drivers\portcls.sys Address: 0x8C2A2000 Size: 184320 File Visible: - Signed: - Status: - Name: PSHED.dll Image Path: C:\Windows\system32\PSHED.dll Address: 0x80476000 Size: 69632 File Visible: - Signed: - Status: - Name: PxHelp20.sys Image Path: C:\Windows\System32\Drivers\PxHelp20.sys Address: 0x82636000 Size: 35712 File Visible: - Signed: - Status: - Name: rasacd.sys Image Path: C:\Windows\System32\DRIVERS\rasacd.sys Address: 0x8C7A0000 Size: 36864 File Visible: - Signed: - Status: - Name: rasl2tp.sys Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys Address: 0x8BFBF000 Size: 94208 File Visible: - Signed: - Status: - Name: raspppoe.sys Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys Address: 0x8BFE1000 Size: 61440 File Visible: - Signed: - Status: - Name: raspptp.sys Image Path: C:\Windows\system32\DRIVERS\raspptp.sys Address: 0x82DB8000 Size: 81920 File Visible: - Signed: - Status: - Name: rassstp.sys Image Path: C:\Windows\system32\DRIVERS\rassstp.sys Address: 0x82DCC000 Size: 86016 File Visible: - Signed: - Status: - Name: RAW Image Path: \FileSystem\RAW Address: 0x8201A000 Size: 3903488 File Visible: - Signed: - Status: - Name: rdbss.sys Image Path: C:\Windows\system32\DRIVERS\rdbss.sys Address: 0x8C387000 Size: 245760 File Visible: - Signed: - Status: - Name: RDPCDD.sys Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys Address: 0x8C777000 Size: 32768 File Visible: - Signed: - Status: - Name: rdpencdd.sys Image Path: C:\Windows\system32\drivers\rdpencdd.sys Address: 0x8C77F000 Size: 32768 File Visible: - Signed: - Status: - Name: RDPWD.SYS Image Path: C:\Windows\System32\Drivers\RDPWD.SYS Address: 0xA9B14000 Size: 208896 File Visible: - Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0xA9B71000 Size: 49152 File Visible: No Signed: - Status: - Name: rspndr.sys Image Path: C:\Windows\system32\DRIVERS\rspndr.sys Address: 0xA4A6D000 Size: 77824 File Visible: - Signed: - Status: - Name: RTKVHDA.sys Image Path: C:\Windows\system32\drivers\RTKVHDA.sys Address: 0x8C400000 Size: 2051840 File Visible: - Signed: - Status: - Name: Rtlh86.sys Image Path: C:\Windows\system32\DRIVERS\Rtlh86.sys Address: 0x8BF5B000 Size: 98304 File Visible: - Signed: - Status: - Name: sdbus.sys Image Path: C:\Windows\system32\DRIVERS\sdbus.sys Address: 0x8C130000 Size: 106496 File Visible: - Signed: - Status: - Name: secdrv.SYS Image Path: C:\Windows\System32\Drivers\secdrv.SYS Address: 0xA9AE2000 Size: 40960 File Visible: - Signed: - Status: - Name: smb.sys Image Path: C:\Windows\system32\DRIVERS\smb.sys Address: 0x8C2F4000 Size: 81920 File Visible: - Signed: - Status: - Name: spldr.sys Image Path: C:\Windows\System32\Drivers\spldr.sys Address: 0x82F9A000 Size: 32768 File Visible: - Signed: - Status: - Name: spsys.sys Image Path: C:\Windows\system32\drivers\spsys.sys Address: 0xA4A80000 Size: 716800 File Visible: - Signed: - Status: - Name: srv.sys Image Path: C:\Windows\System32\DRIVERS\srv.sys Address: 0xA76BB000 Size: 311296 File Visible: - Signed: - Status: - Name: srv2.sys Image Path: C:\Windows\System32\DRIVERS\srv2.sys Address: 0xA7694000 Size: 159744 File Visible: - Signed: - Status: - Name: srvnet.sys Image Path: C:\Windows\System32\DRIVERS\srvnet.sys Address: 0xA4B9A000 Size: 118784 File Visible: - Signed: - Status: - Name: storport.sys Image Path: C:\Windows\system32\DRIVERS\storport.sys Address: 0x8BF73000 Size: 266240 File Visible: - Signed: - Status: - Name: swenum.sys Image Path: C:\Windows\system32\DRIVERS\swenum.sys Address: 0x8C1FE000 Size: 4992 File Visible: - Signed: - Status: - Name: tcpip.sys Image Path: C:\Windows\System32\drivers\tcpip.sys Address: 0x82C3A000 Size: 946176 File Visible: - Signed: - Status: - Name: tcpipreg.sys Image Path: C:\Windows\System32\drivers\tcpipreg.sys Address: 0xA9AEC000 Size: 49152 File Visible: - Signed: - Status: - Name: tdcmdpst.sys Image Path: C:\Windows\system32\DRIVERS\tdcmdpst.sys Address: 0x8C19F000 Size: 16128 File Visible: - Signed: - Status: - Name: TDI.SYS Image Path: C:\Windows\system32\DRIVERS\TDI.SYS Address: 0x8BFB4000 Size: 45056 File Visible: - Signed: - Status: - Name: tdtcp.sys Image Path: C:\Windows\system32\drivers\tdtcp.sys Address: 0xA9AFD000 Size: 45056 File Visible: - Signed: - Status: - Name: tdx.sys Image Path: C:\Windows\system32\DRIVERS\tdx.sys Address: 0x8C7A9000 Size: 90112 File Visible: - Signed: - Status: - Name: termdd.sys Image Path: C:\Windows\system32\DRIVERS\termdd.sys Address: 0x8BFF0000 Size: 65536 File Visible: - Signed: - Status: - Name: tifm21.sys Image Path: C:\Windows\system32\drivers\tifm21.sys Address: 0x8C0E4000 Size: 311296 File Visible: - Signed: - Status: - Name: tos_sps32.sys Image Path: C:\Windows\system32\DRIVERS\tos_sps32.sys Address: 0x82F4F000 Size: 307200 File Visible: - Signed: - Status: - Name: tosporte.sys Image Path: C:\Windows\system32\DRIVERS\tosporte.sys Address: 0x8C27B000 Size: 41600 File Visible: - Signed: - Status: - Name: tosrfcom.sys Image Path: C:\Windows\System32\Drivers\tosrfcom.sys Address: 0x8C1C0000 Size: 64128 File Visible: - Signed: - Status: - Name: TSDDD.dll Image Path: C:\Windows\System32\TSDDD.dll Address: 0x93CD0000 Size: 36864 File Visible: - Signed: - Status: - Name: tssecsrv.sys Image Path: C:\Windows\System32\DRIVERS\tssecsrv.sys Address: 0xA9B08000 Size: 49152 File Visible: - Signed: - Status: - Name: tunmp.sys Image Path: C:\Windows\system32\DRIVERS\tunmp.sys Address: 0x82D7D000 Size: 36864 File Visible: - Signed: - Status: - Name: tunnel.sys Image Path: C:\Windows\system32\DRIVERS\tunnel.sys Address: 0x82D72000 Size: 45056 File Visible: - Signed: - Status: - Name: TVALZ_O.SYS Image Path: C:\Windows\system32\DRIVERS\TVALZ_O.SYS Address: 0x82F4A000 Size: 16768 File Visible: - Signed: - Status: - Name: umbus.sys Image Path: C:\Windows\system32\DRIVERS\umbus.sys Address: 0x8C23A000 Size: 53248 File Visible: - Signed: - Status: - Name: USBD.SYS Image Path: C:\Windows\system32\DRIVERS\USBD.SYS Address: 0x8C722000 Size: 8192 File Visible: - Signed: - Status: - Name: usbehci.sys Image Path: C:\Windows\system32\DRIVERS\usbehci.sys Address: 0x8BF3A000 Size: 61440 File Visible: - Signed: - Status: - Name: usbhub.sys Image Path: C:\Windows\system32\DRIVERS\usbhub.sys Address: 0x8C247000 Size: 212992 File Visible: - Signed: - Status: - Name: USBPORT.SYS Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS Address: 0x8BEFC000 Size: 253952 File Visible: - Signed: - Status: - Name: usbuhci.sys Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys Address: 0x8BEF1000 Size: 45056 File Visible: - Signed: - Status: - Name: vga.sys Image Path: C:\Windows\System32\drivers\vga.sys Address: 0x8C74A000 Size: 49152 File Visible: - Signed: - Status: - Name: VIDEOPRT.SYS Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS Address: 0x8C756000 Size: 135168 File Visible: - Signed: - Status: - Name: volmgr.sys Image Path: C:\Windows\system32\drivers\volmgr.sys Address: 0x8073A000 Size: 61440 File Visible: - Signed: - Status: - Name: volmgrx.sys Image Path: C:\Windows\System32\drivers\volmgrx.sys Address: 0x80749000 Size: 303104 File Visible: - Signed: - Status: - Name: volsnap.sys Image Path: C:\Windows\system32\drivers\volsnap.sys Address: 0x82F11000 Size: 233472 File Visible: - Signed: - Status: - Name: wanarp.sys Image Path: C:\Windows\system32\DRIVERS\wanarp.sys Address: 0x8C374000 Size: 77824 File Visible: - Signed: - Status: - Name: watchdog.sys Image Path: C:\Windows\System32\drivers\watchdog.sys Address: 0x8BEE4000 Size: 53248 File Visible: - Signed: - Status: - Name: Wdf01000.sys Image Path: C:\Windows\system32\drivers\Wdf01000.sys Address: 0x8060D000 Size: 507904 File Visible: - Signed: - Status: - Name: WDFLDR.SYS Image Path: C:\Windows\system32\drivers\WDFLDR.SYS Address: 0x80689000 Size: 53248 File Visible: - Signed: - Status: - Name: Win32k Image Path: \Driver\Win32k Address: 0x93AB0000 Size: 2105344 File Visible: - Signed: - Status: - Name: win32k.sys Image Path: C:\Windows\System32\win32k.sys Address: 0x93AB0000 Size: 2105344 File Visible: - Signed: - Status: - Name: WMILIB.SYS Image Path: C:\Windows\system32\drivers\WMILIB.SYS Address: 0x806DC000 Size: 36864 File Visible: - Signed: - Status: - Name: WMIxWDM Image Path: \Driver\WMIxWDM Address: 0x8201A000 Size: 3903488 File Visible: - Signed: - Status: -

chamber View Member Profile	Jul 30 2009, 12:32 AM Post #4
Trusted Helper Posts: 1,823 From: ~/ OS: Linux all the way!	Hi, Could you post the 2 OTL files as well please? Thanks,

dogee54 View Member Profile	Jul 30 2009, 08:49 PM Post #5
Member Posts: 34 OS: windows xp	OTL logfile created on: 7/30/2009 9:44:17 PM - Run 1 OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\tyler\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1.99 Gb Total Physical Memory \| 0.95 Gb Available Physical Memory \| 47.60% Memory free 4.00 Gb Paging File \| 2.80 Gb Available in Paging File \| 70.10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 110.32 Gb Total Space \| 71.73 Gb Free Space \| 65.02% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TYLER-PC Current User Name: tyler Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2008/06/19 20:14:44 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe PRC - [2007/02/06 18:45:26 \| 00,109,344 \| ---- \| M] (Logitech Inc.) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe PRC - [2009/02/05 15:01:25 \| 00,018,752 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/02/05 15:08:40 \| 00,138,680 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2006/10/05 15:10:12 \| 00,009,216 \| ---- \| M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008/07/22 20:42:12 \| 00,116,040 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2007/07/24 15:17:08 \| 00,229,376 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2007/12/25 16:07:14 \| 00,040,960 \| ---- \| M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2007/06/11 09:14:51 \| 00,517,040 \| ---- \| M] ( ) -- C:\Windows\System32\lxdicoms.exe PRC - [2007/01/25 21:47:50 \| 00,136,816 \| ---- \| M] () -- C:\Toshiba\IVP\ISM\pinger.exe PRC - [2007/10/23 19:27:16 \| 00,066,928 \| ---- \| M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe PRC - [2008/01/21 18:54:46 \| 00,083,312 \| ---- \| M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2007/11/21 20:23:32 \| 00,129,632 \| ---- \| M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2008/01/17 18:27:34 \| 00,431,456 \| ---- \| M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe PRC - [2007/09/28 19:05:16 \| 00,128,360 \| ---- \| M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007/12/03 19:03:52 \| 00,126,976 \| ---- \| M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe PRC - [2006/08/23 19:39:48 \| 00,049,152 \| ---- \| M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2007/01/04 16:38:08 \| 00,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2009/02/05 15:08:26 \| 00,254,040 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/02/05 15:06:04 \| 00,352,920 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2008/01/20 21:25:33 \| 00,896,512 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008/10/29 01:29:41 \| 02,927,104 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE PRC - [2007/09/20 12:58:34 \| 00,154,136 \| ---- \| M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe PRC - [2007/09/20 12:58:44 \| 00,129,560 \| ---- \| M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe PRC - [2008/01/17 18:27:52 \| 00,431,456 \| ---- \| M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe PRC - [2007/06/15 23:01:58 \| 00,448,080 \| ---- \| M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe PRC - [2008/01/22 16:25:26 \| 00,712,704 \| ---- \| M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe PRC - [2006/09/11 17:21:16 \| 00,180,224 \| ---- \| M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe PRC - [2008/01/09 17:02:08 \| 01,056,768 \| ---- \| M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe PRC - [2006/11/06 20:14:44 \| 00,034,352 \| ---- \| M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe PRC - [2008/02/18 22:30:08 \| 01,862,144 \| ---- \| M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe PRC - [2008/01/29 21:51:52 \| 04,911,104 \| ---- \| M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/07/16 11:54:07 \| 00,434,864 \| ---- \| M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe PRC - [2007/07/16 11:54:10 \| 00,025,264 \| ---- \| M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe PRC - [2008/07/30 10:47:56 \| 00,289,064 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2008/01/20 21:23:24 \| 00,215,552 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2007/02/08 02:12:48 \| 00,488,984 \| ---- \| M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe PRC - [2007/02/08 02:13:48 \| 00,774,168 \| ---- \| M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe PRC - [2009/02/05 15:08:45 \| 00,081,000 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2008/01/29 19:00:40 \| 00,430,080 \| ---- \| M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2008/01/20 21:25:11 \| 00,125,952 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe PRC - [2008/08/12 17:13:00 \| 21,741,864 \| R--- \| M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2008/12/12 13:46:08 \| 09,555,968 \| ---- \| M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe PRC - [2009/05/10 23:54:41 \| 00,039,408 \| ---- \| M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/01/20 21:25:33 \| 00,202,240 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2008/01/20 21:23:52 \| 00,037,888 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009/03/02 21:16:04 \| 00,247,296 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe PRC - [2007/09/20 12:58:48 \| 00,252,440 \| ---- \| M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe PRC - [2008/01/20 21:25:11 \| 00,037,376 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe PRC - [2006/09/08 16:54:30 \| 00,042,544 \| ---- \| M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe PRC - [2007/02/06 18:43:26 \| 00,252,704 \| ---- \| M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe PRC - [2006/09/08 17:06:08 \| 00,040,960 \| ---- \| M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe PRC - [2007/12/25 16:06:52 \| 00,405,504 \| ---- \| M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe PRC - [2008/07/30 10:47:48 \| 00,532,264 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2007/02/08 02:12:20 \| 00,230,936 \| ---- \| M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe PRC - [2008/08/12 17:13:00 \| 00,076,744 \| R--- \| M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe PRC - [2008/12/12 13:46:08 \| 09,555,968 \| ---- \| M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe PRC - [2007/01/25 21:45:42 \| 00,468,600 \| ---- \| M] (TOSHIBA Corporation) -- C:\Toshiba\IVP\ISM\ivpsvmgr.exe PRC - [2008/01/20 21:24:49 \| 00,299,520 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe PRC - [2009/07/18 16:39:09 \| 00,634,648 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/06/13 04:43:52 \| 00,280,176 \| ---- \| M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe PRC - [2009/07/18 16:39:09 \| 00,634,648 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/07/30 21:43:04 \| 00,513,536 \| ---- \| M] (OldTimer Tools) -- C:\Users\tyler\Downloads\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2006/10/05 15:10:12 \| 00,009,216 \| ---- \| M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto \| Running]) SRV - [2008/07/22 20:42:12 \| 00,116,040 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto \| Running]) SRV - [2009/02/05 15:01:25 \| 00,018,752 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto \| Running]) SRV - [2009/02/05 15:08:40 \| 00,138,680 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto \| Running]) SRV - [2009/02/05 15:08:26 \| 00,254,040 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand \| Running]) SRV - [2009/02/05 15:06:04 \| 00,352,920 \| ---- \| M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand \| Running]) SRV - [2007/07/24 15:17:08 \| 00,229,376 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto \| Running]) SRV - [2008/07/27 13:03:13 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - File not found -- -- (CLTNetCnService [Auto \| Stopped]) SRV - [2007/12/25 16:07:14 \| 00,040,960 \| ---- \| M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service [Auto \| Running]) SRV - [2008/01/20 21:25:09 \| 00,292,352 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand \| Stopped]) SRV - [2006/11/02 07:35:29 \| 00,131,072 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand \| Stopped]) SRV - [2006/11/02 07:35:29 \| 00,013,312 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto \| Stopped]) SRV - [2008/01/20 21:23:49 \| 01,013,760 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto \| Running]) SRV - [2008/06/19 20:14:44 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto \| Running]) SRV - [2008/05/05 17:25:46 \| 00,165,416 \| ---- \| M] (WildTangent, Inc.) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand \| Stopped]) SRV - [2008/02/18 22:30:08 \| 01,862,144 \| ---- \| M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand \| Stopped]) SRV - [2009/05/10 23:54:33 \| 00,182,768 \| ---- \| M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand \| Stopped]) SRV - [2005/11/14 04:06:04 \| 00,069,632 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) SRV - [2008/06/19 20:14:31 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown \| Stopped]) SRV - [2008/07/30 10:47:48 \| 00,532,264 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand \| Running]) SRV - [2007/10/30 02:35:40 \| 00,937,984 \| ---- \| M] (Atheros Communications, Inc.) -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi [On_Demand \| Stopped]) SRV - [2007/02/06 18:45:26 \| 00,109,344 \| ---- \| M] (Logitech Inc.) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe -- (LVPrcSrv [Auto \| Running]) SRV - [2007/02/06 18:47:12 \| 00,105,248 \| ---- \| M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto \| Stopped]) SRV - [2007/06/11 09:14:42 \| 00,099,248 \| ---- \| M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe -- (lxdiCATSCustConnectService [Auto \| Stopped]) SRV - [2007/06/11 09:14:51 \| 00,517,040 \| ---- \| M] ( ) -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device [Auto \| Running]) SRV - [2008/06/19 20:14:31 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled \| Stopped]) SRV - [2008/11/04 01:06:28 \| 00,441,712 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand \| Stopped]) SRV - [2006/10/26 17:03:08 \| 00,145,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) SRV - [2007/01/25 21:47:50 \| 00,136,816 \| ---- \| M] () -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger [Auto \| Running]) SRV - [2008/01/20 21:23:24 \| 00,167,936 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr [Auto \| Running]) SRV - [2009/01/07 12:40:56 \| 00,348,752 \| ---- \| M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand \| Stopped]) SRV - [2009/01/21 13:08:06 \| 01,095,560 \| ---- \| M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand \| Stopped]) SRV - [2007/10/23 19:27:16 \| 00,066,928 \| ---- \| M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr [Auto \| Running]) SRV - [2008/01/21 18:54:46 \| 00,083,312 \| ---- \| M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv [Auto \| Running]) SRV - [2007/11/21 20:23:32 \| 00,129,632 \| ---- \| M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv [Auto \| Running]) SRV - [2008/01/17 18:27:34 \| 00,431,456 \| ---- \| M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto \| Running]) SRV - [2007/09/28 19:05:16 \| 00,128,360 \| ---- \| M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto \| Running]) SRV - [2007/12/03 19:03:52 \| 00,126,976 \| ---- \| M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service [Auto \| Running]) SRV - [2006/08/23 19:39:48 \| 00,049,152 \| ---- \| M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto \| Running]) SRV - [2007/01/04 16:38:08 \| 00,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto \| Running]) SRV - [2008/01/20 21:23:24 \| 00,365,568 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm [Auto \| Running]) SRV - [2008/01/20 21:23:32 \| 00,272,952 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto \| Stopped]) SRV - [2008/01/20 21:25:33 \| 00,896,512 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto \| Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mystar.sfccmo.edu/cp/home/displaylogin IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=" FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: " yahoo.com" FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=" FF - prefs.js..network.proxy.no_proxies_on: ".local" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/05/04 10:08:27 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/24 12:57:46 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/24 12:57:46 \| 00,000,000 \| ---D \| M] [2008/12/17 14:24:20 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\mozilla\Extensions [2008/12/17 14:24:20 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/07/29 18:47:18 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\mozilla\Firefox\Profiles\d2v2p3et.default\extensions [2009/03/07 09:13:09 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\mozilla\Firefox\Profiles\d2v2p3et.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/02/19 02:06:48 \| 00,001,728 \| ---- \| M] () -- C:\Users\tyler\AppData\Roaming\Mozilla\FireFox\Profiles\d2v2p3et.default\searchplugins\aim-search.xml [2008/12/12 13:23:54 \| 00,002,158 \| ---- \| M] () -- C:\Users\tyler\AppData\Roaming\Mozilla\FireFox\Profiles\d2v2p3et.default\searchplugins\MySpace.xml [2008/12/17 14:24:02 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/07/24 12:57:46 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/07/24 12:57:42 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/07/24 12:57:42 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007/04/10 18:21:08 \| 00,163,256 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2008/11/24 15:35:00 \| 00,114,688 \| ---- \| M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2008/09/26 11:40:34 \| 00,053,248 \| ---- \| M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll [2009/07/24 12:57:44 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007/04/16 12:07:12 \| 00,180,293 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2008/12/02 03:04:40 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2008/12/02 03:04:40 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/06/14 05:13:50 \| 00,001,519 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml [2008/12/02 03:04:40 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2008/12/02 03:04:40 \| 00,002,343 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2008/12/02 03:04:40 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2008/12/02 03:04:40 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe () O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe () O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe () O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe () O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe () O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation) O4 - HKCU..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe () O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/CLUE%20Classic/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} http://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab (Nps Control) O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/CLUE%20Classic/Images/armhelper.ocx (ArmHelper Control) O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player) O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.com/client/msnmusax7113.cab (MsnMusicAx Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 \| 00,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found ========== Files/Folders - Created Within 14 Days ========== [6 C:\ProgramData\.tmp files] [2009/07/30 21:43:14 \| 00,000,520 \| ---- \| C] () -- C:\Users\tyler\Desktop\OTL.exe - Shortcut.lnk [2009/07/29 20:00:24 \| 00,000,000 \| ---- \| C] () -- C:\Windows\System32\settings.dat [2009/07/29 19:50:21 \| 06,291,456 \| -H-- \| C] () -- C:\Users\tyler\AppData\Local\IconCache.db [2009/07/29 19:31:13 \| 00,000,000 \| ---D \| C] -- C:\Users\tyler\AppData\Roaming\Malwarebytes [2009/07/29 19:31:10 \| 00,000,789 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/07/29 19:31:08 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/07/29 19:31:06 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/07/29 19:31:06 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/07/29 19:31:06 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/07/29 19:23:30 \| 00,000,566 \| ---- \| C] () -- C:\Users\tyler\Desktop\erunt_setup - Shortcut.lnk [2009/07/29 18:58:13 \| 00,000,520 \| ---- \| C] () -- C:\Users\tyler\Desktop\TFC - Shortcut.lnk [2009/07/29 17:58:55 \| 00,000,000 \| ---D \| C] -- C:\Users\tyler\AppData\Local\temp [2009/07/29 17:58:48 \| 00,000,000 \| -HSD \| C] -- C:\$RECYCLE.BIN [2009/07/29 15:49:30 \| 21,374,48448 \| -HS- \| C] () -- C:\hiberfil.sys [2009/07/29 12:54:14 \| 00,219,648 \| ---- \| C] () -- C:\Windows\PEV.exe [2009/07/29 11:31:15 \| 00,000,556 \| ---- \| C] () -- C:\Users\tyler\Desktop\Combo-fix - Shortcut.lnk [2009/07/28 21:25:39 \| 00,023,152 \| ---- \| C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys [2009/07/28 21:25:39 \| 00,001,820 \| ---- \| C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk [2009/07/28 21:25:38 \| 00,051,376 \| ---- \| C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys [2009/07/28 21:25:36 \| 00,097,480 \| ---- \| C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr [2009/07/28 21:25:35 \| 00,114,768 \| ---- \| C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys [2009/07/28 21:25:35 \| 00,020,560 \| ---- \| C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2009/07/28 21:25:00 \| 01,256,296 \| ---- \| C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe [2009/07/28 21:25:00 \| 00,380,928 \| ---- \| C] () -- C:\Windows\System32\actskin4.ocx [2009/07/28 21:25:00 \| 00,051,792 \| ---- \| C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2009/07/28 21:24:58 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Alwil Software [2009/07/27 19:42:46 \| 00,000,000 \| ---D \| C] -- C:\Windows\Minidump [2009/07/27 19:41:33 \| 16,241,6979 \| ---- \| C] () -- C:\Windows\MEMORY.DMP [2009/07/27 15:30:34 \| 00,000,000 \| ---D \| C] -- C:\Windows\ERDNT [2009/07/27 09:32:53 \| 00,159,600 \| ---- \| C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2009/07/27 09:32:22 \| 00,130,936 \| ---- \| C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2009/07/27 09:32:22 \| 00,073,840 \| ---- \| C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2009/07/27 09:32:03 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\PC Tools [2009/07/27 09:32:02 \| 00,064,392 \| ---- \| C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2009/07/27 09:31:58 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\PC Tools ========== Files - Modified Within 14 Days ========== [6 C:\ProgramData\*.tmp files] [2009/07/30 21:43:14 \| 00,000,520 \| ---- \| M] () -- C:\Users\tyler\Desktop\OTL.exe - Shortcut.lnk [2009/07/30 21:33:33 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/07/30 21:33:33 \| 00,003,616 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/07/30 21:33:33 \| 00,003,616 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/07/29 21:46:14 \| 00,694,964 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/07/29 21:46:14 \| 00,598,588 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2009/07/29 21:46:14 \| 00,102,194 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2009/07/29 21:40:49 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/07/29 21:40:34 \| 21,374,48448 \| -HS- \| M] () -- C:\hiberfil.sys [2009/07/29 21:39:31 \| 06,291,456 \| -H-- \| M] () -- C:\Users\tyler\AppData\Local\IconCache.db [2009/07/29 20:00:24 \| 00,000,000 \| ---- \| M] () -- C:\Windows\System32\settings.dat [2009/07/29 19:31:10 \| 00,000,789 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/07/29 19:23:30 \| 00,000,566 \| ---- \| M] () -- C:\Users\tyler\Desktop\erunt_setup - Shortcut.lnk [2009/07/29 18:58:13 \| 00,000,520 \| ---- \| M] () -- C:\Users\tyler\Desktop\TFC - Shortcut.lnk [2009/07/29 18:00:00 \| 00,000,408 \| ---- \| M] () -- C:\Windows\tasks\Norton Security Scan for tyler.job [2009/07/29 17:56:38 \| 00,000,215 \| ---- \| M] () -- C:\Windows\system.ini [2009/07/29 11:31:15 \| 00,000,556 \| ---- \| M] () -- C:\Users\tyler\Desktop\Combo-fix - Shortcut.lnk [2009/07/28 21:25:39 \| 00,001,820 \| ---- \| M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk [2009/07/28 21:25:34 \| 00,002,577 \| ---- \| M] () -- C:\Windows\System32\config.nt [2009/07/27 19:42:46 \| 16,241,6979 \| ---- \| M] () -- C:\Windows\MEMORY.DMP [2009/07/27 09:32:05 \| 00,001,730 \| ---- \| M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk ========== LOP Check ========== [2009/07/29 19:31:13 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming [2009/06/12 02:13:10 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\GamesCafe [2008/07/22 14:46:07 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\iWin [2008/12/30 23:47:50 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\Lexmark Productivity Studio [2008/07/22 21:09:10 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\Ludia [2006/11/02 07:37:34 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\Media Center Programs [2009/01/19 10:55:12 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\Sony [2009/06/12 02:11:39 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\SpinTop [2009/01/19 00:33:57 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\Template [2009/05/27 19:03:36 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\TOSHIBA [2008/08/19 18:50:00 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\U3 [2008/09/04 10:51:59 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\Ulead Systems [2008/11/26 04:07:52 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\uTorrent [2008/07/21 11:56:36 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\WildTangent [2008/07/23 00:24:20 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\WinBatch [2009/07/29 18:00:00 \| 00,000,408 \| ---- \| M] () -- C:\Windows\Tasks\Norton Security Scan for tyler.job [2009/07/29 21:40:49 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\Tasks\SA.DAT [2009/07/29 21:39:47 \| 00,032,528 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\tyler\Documents\Fort Minor- Where'd You Go.mp3:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\tyler\Documents\178681.mp3:TOC.WMV @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:7C9E34A2 < End of report >

chamber View Member Profile	Jul 31 2009, 10:51 AM Post #7
Trusted Helper Posts: 1,823 From: ~/ OS: Linux all the way!	Hi dogee54, Can you describe what problems you are experiencing? 1) Remove Programs I see you have Viewpoint installed... Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know from this article: Viewpoint to Plunge Into Adware I suggest you remove the program now. You have some remnants of Norton on your system, did you previously have it installed? HERE is a link to the Norton Removal Tool. 2) OTL Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL PRC - [2007/01/04 16:38:08 \| 00,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe SRV - [2007/01/04 16:38:08 \| 00,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto \| Running]) [2007/04/16 12:07:12 \| 00,180,293 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2009/07/29 18:00:00 \| 00,000,408 \| ---- \| M] () -- C:\Windows\tasks\Norton Security Scan for tyler.job [2008/11/26 04:07:52 \| 00,000,000 \| ---D \| M] -- C:\Users\tyler\AppData\Roaming\uTorrent :Services :Reg :Files :Commands [purity] [emptytemp] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot the PC when it is done 3) OTS To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link. Download OTS to your Desktop Close ALL OTHER PROGRAMS. Double-click on OTS.exe to start the program. Check the box that says Scan All Users Under Additional Scans check the following: File - Lop Check File - Purity Scan Evnt - EvtViewer (last 10) Now click the Run Scan button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Please attach the log in your next post. To attach a file, do the following: Click Add Reply Under the reply panel is the Attachments Panel Browse for the attachment file you want to upload, then click the green Upload button Once it has uploaded, click the Manage Current Attachments drop down box Click on to insert the attachment into your post In your reply I would like to see, 1) OTS log (please attach this) 2) OTL fix log (please copy and paste this)

dogee54 View Member Profile	Jul 31 2009, 09:19 PM Post #8
Member Posts: 34 OS: windows xp	All processes killed ========== OTL ========== No active process named ViewpointService.exe was found! Service\Driver Viewpoint Manager Service deleted successfully. C:\Program Files\Viewpoint\Common\ViewpointService.exe moved successfully. DllUnregisterServer procedure not found in C:\Program Files\mozilla firefox\plugins\npViewpoint.dll C:\Program Files\mozilla firefox\plugins\npViewpoint.dll NOT unregistered. C:\Program Files\mozilla firefox\plugins\npViewpoint.dll moved successfully. C:\Windows\tasks\Norton Security Scan for tyler.job moved successfully. C:\Users\tyler\AppData\Roaming\uTorrent moved successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Mcx1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: tyler ->Temp folder emptied: 21182265 bytes ->Temporary Internet Files folder emptied: 12285693 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 34322973 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot. Windows Temp folder emptied: 19010 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 64.67 mb OTL by OldTimer - Version 3.0.10.3 log created on 07312009_221312 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...

dogee54 View Member Profile	Jul 31 2009, 09:29 PM Post #9
Member Posts: 34 OS: windows xp	Here it is. Thanks so much for your help. Running better already. Attached File(s) OTL.Txt ( 119.46K ) Number of downloads: 5

chamber View Member Profile	Aug 1 2009, 11:40 AM Post #10
Trusted Helper Posts: 1,823 From: ~/ OS: Linux all the way!	Hi, Could you run OTS rather than OTL and attach that file for me please?

dogee54 View Member Profile	Aug 1 2009, 10:18 PM Post #11
Member Posts: 34 OS: windows xp	OTS.Txt ( 182.31K ) Number of downloads: 6 OTS.Txt ( 182.31K ) Number of downloads: 6 OTS.Txt ( 182.31K ) Number of downloads: 6 [attachment=32510:OTS.Txt]

dogee54 View Member Profile	Aug 1 2009, 10:20 PM Post #12
Member Posts: 34 OS: windows xp	OK sorry, I posted 3 of the same file. Thanks again!!

chamber View Member Profile	Aug 2 2009, 10:44 AM Post #13
Trusted Helper Posts: 1,823 From: ~/ OS: Linux all the way!	Hi dogee54, Can you let me know what problems you were having? 1) OTS Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button. QUOTE [Kill All Processes] [Unregister Dlls] [Registry - Safe List] < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> YN -> HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> YN -> HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] < FireFox Plugins [Program Folders] > -> YY -> npViewpoint.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.xpt < FireFox SearchPlugins [Program Folders] > -> YY -> avg_igeared.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\avg_igeared.xml < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1452565212-3830894032-3070308988-1000\] > -> HKEY_USERS\S-1-5-21-1452565212-3830894032-3070308988-1000\Software\Microsoft\Internet Explorer\Toolbar\ YN -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] [Files/Folders - Created Within 30 Days] NY -> NortonInstaller -> C:\ProgramData\NortonInstaller NY -> N360BUOptions.ini -> C:\ProgramData\N360BUOptions.ini [Files/Folders - Modified Within 30 Days] NY -> Combo-fix - Shortcut.lnk -> C:\Users\tyler\Desktop\Combo-fix - Shortcut.lnk [Empty Temp Folders] [Start Explorer] [Reboot] The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here I will review the information when it comes back in. 2) Malwarebytes Please download Malwarebytes' Anti-Malware from Here. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. 3) JavaRa Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. 4) Kaspersky scan Please do an online scan with Kaspersky WebScanner Click on Accept You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. In your reply I would like to see copied and pasted, 1) OTS log 2) Malwarebytes log 3) Kaspersky scan

dogee54 View Member Profile	Aug 2 2009, 10:02 PM Post #14
Member Posts: 34 OS: windows xp	All Processes Killed [Registry - Safe List] Registry key HKEY_USERS\EFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found. Registry key HKEY_USERS\1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found. C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.xpt moved successfully. C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\avg_igeared.xml moved successfully. Registry value HKEY_USERS\S-1-5-21-1452565212-3830894032-3070308988-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found. [Files/Folders - Created Within 30 Days] C:\ProgramData\NortonInstaller\Settings folder moved successfully. C:\ProgramData\NortonInstaller\Logs\07-31-2009-21h59m54s folder moved successfully. C:\ProgramData\NortonInstaller\Logs folder moved successfully. C:\ProgramData\NortonInstaller folder moved successfully. C:\ProgramData\N360BUOptions.ini moved successfully. [Files/Folders - Modified Within 30 Days] C:\Users\tyler\Desktop\Combo-fix - Shortcut.lnk moved successfully. [Empty Temp Folders] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Mcx1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: tyler ->Temp folder emptied: 694500 bytes File delete failed. C:\Users\tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 10026613 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 34947976 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot. File delete failed. C:\Windows\temp\~DFFCE.tmp scheduled to be deleted on reboot. File delete failed. C:\Windows\temp\~DFFD6.tmp scheduled to be deleted on reboot. Windows Temp folder emptied: 562494 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 44.09 mb < End of fix log > OTS by OldTimer - Version 3.0.10.1 fix logfile created on 08022009_225412 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot. File\Folder C:\Windows\temp\~DFFCE.tmp not found! File\Folder C:\Windows\temp\~DFFD6.tmp not found! Registry entries deleted on Reboot...

dogee54 View Member Profile	Aug 2 2009, 10:12 PM Post #15
Member Posts: 34 OS: windows xp	Malwarebytes' Anti-Malware 1.39 Database version: 2548 Windows 6.0.6001 Service Pack 1 8/2/2009 11:10:52 PM mbam-log-2009-08-02 (23-10-52).txt Scan type: Quick Scan Objects scanned: 90639 Time elapsed: 4 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal (Solved)Trojan horse Generic13.BZUK [Solved]	2 / 279	20th July 2009 - 03:49 PM Tikatu started - last by fenzodahl512
Virus, Spyware and Trojan Removal Trojan horse crpt izo [Solved] 12	18 / 168	8th November 2009 - 05:53 AM bluesboy2000 started - last by Essexboy
Virus, Spyware and Trojan Removal Trojan Horse generic14.AOEG [Solved]	8 / 96	9th November 2009 - 03:15 PM Chandra Love started - last by Essexboy
Virus, Spyware and Trojan Removal Trojan horse Rootkit-Pakes.U [Solved] 12	28 / 314	17th November 2009 - 12:34 PM nancywoo started - last by Essexboy