Cyber Tech Help Support Forums > Software > Malware Removal Forum

  #1  
Old March 30th, 2012, 05:16 PM
detsi
Senior Member
 
Join Date: Jan 2011
O/S: Windows Vista 32-bit
Location: UK
Posts: 139
Home page changed

Hi, it seems that I have a virus. My iGoogle homepage has been changed to Ask int. This has resulted from a problem since I attempted to install a link to download an OpenOffice update via a program called Openfreely. Please help.

  #2  
Old March 30th, 2012, 05:44 PM
detsi
Senior Member
 
Join Date: Jan 2011
O/S: Windows Vista 32-bit
Location: UK
Posts: 139
I have removed Openfreely via Control Panel and rebooted. My iGoogle homepage is back and I have run full scans with MBAM and MSE, but I would appreciate some confirmation that everything is OK.

Last edited by detsi; March 30th, 2012 at 09:38 PM. Reason: mis spelling
  #3  
Old March 30th, 2012, 11:58 PM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,862
Hello detsi,

Today, 12:16 PM
Today, 12:44 PM

You're just a little quicker on the draw than our volunteer helpers here can respond to. But sure, let's take a look at things. No more changes there please unless we discuss them here.


If the system is Vista/Windows7, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


A lot, but comprehensive, and will make sure we get a good view of everything.
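The OTL.txt that this reply asks for is made of one-line records (PRC, MOD, SRV, DRV) like those detsi posts in the next reply. Two things an analyst scans such a log for first are registrations whose file no longer exists ("File not found", i.e. orphaned service or driver entries) and services or kernel drivers loading from user-writable paths or with no company name. The following is an added example, not code from the forum, from OldTimer or from any tool mentioned here: a small parser for that record format plus those three triage heuristics, run over a constructed sample whose lines are modelled on the log in this thread.

```python
"""Triage helper for OTL-style log lines (added example; not part of OTL or this forum)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input, modelled line-for-line on the OTL format seen in this thread.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/02/25 23:04:42 | 000,972,600 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\tedisted\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2011/12/15 17:50:20 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
"""

KINDS = ("PRC", "MOD", "SRV", "DRV")

# "[date time | size | attrs | M] (company) [flags]" -- flags are absent on PRC/MOD lines.
HEAD_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\]"
    r" \((?P<company>[^)]*)\)"
    r"(?: \[(?P<flags>[^\]]*)\])?$"
)
# OTL prints this instead of the timestamp block when the registered file is missing.
MISSING_RE = re.compile(r"^File not found(?: \[(?P<flags>[^\]]*)\])?$")
# Service/driver name is the first parenthesised token after the path; free text may follow.
NAME_RE = re.compile(r"^\((?P<name>[^)]*)\)")

# Path fragments an unprivileged user can normally write to (heuristic, lower-cased).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


@dataclass
class Entry:
    kind: str                  # PRC, MOD, SRV or DRV
    path: str
    name: Optional[str]        # service/driver name from the trailing "(...)", if any
    company: Optional[str]     # None when OTL printed an empty "()"
    state: Optional[str]       # last flag, e.g. Running / Stopped
    file_found: bool
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL record; return None for headers, blanks and unknown shapes."""
    if len(line) < 6 or line[:3] not in KINDS or line[3:6] != " - ":
        return None
    parts = line[6:].split(" -- ", 2)   # head -- path [-- (name) free text]
    if len(parts) < 2:
        return None
    head, path = parts[0], parts[1]
    tail = parts[2] if len(parts) == 3 else ""
    m = MISSING_RE.match(head)
    if m:
        company, flags, found = None, m.group("flags"), False
    else:
        m = HEAD_RE.match(head)
        if not m:
            return None
        company = m.group("company") or None
        flags, found = m.group("flags"), True
    state = flags.split(" | ")[-1] if flags else None
    nm = NAME_RE.match(tail)
    return Entry(line[:3], path, nm.group("name") if nm else None, company, state, found)


def parse_otl(text: str) -> List[Entry]:
    return [e for e in (parse_line(l.rstrip()) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach reasons to suspicious entries and return only those; idempotent."""
    flagged = []
    for e in entries:
        low = e.path.lower()
        reasons = []
        if not e.file_found:
            reasons.append("registered but file not found (orphaned entry)")
        if e.kind in ("SRV", "DRV") and any(p in low for p in USER_WRITABLE):
            reasons.append("service/driver loads from a user-writable location")
        if e.kind == "DRV" and e.file_found and e.company is None:
            reasons.append("kernel driver with no company name")
        e.reasons = reasons
        if reasons:
            flagged.append(e)
    return flagged


def report(text: str) -> List[str]:
    return [f"{e.kind} {e.name or e.path}: {'; '.join(e.reasons)}" for e in triage(parse_otl(text))]


if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

The output is a worklist, not a verdict: on this sample it flags the orphaned Secunia and cpuz132 registrations, and the two unsigned-looking drivers, but the Trusteer Rapport driver under ProgramData belongs to the banking-protection product whose other components carry the Trusteer Ltd. company name elsewhere in the log, so a reviewer whitelists it after checking the file. That manual step is exactly what the volunteer helpers do with these logs; the script only gets them to the interesting lines faster.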
  #4  
Old March 31st, 2012, 09:47 AM
detsi
Senior Member
 
Join Date: Jan 2011
O/S: Windows Vista 32-bit
Location: UK
Posts: 139
Apologies if I appeared impatient, Jintan. I was only intending to present as much information as poss

OTL logfile created on: 31/03/2012 09:33:44 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\tedisted\bios-20090430111000\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 46.37% Memory free
3.74 Gb Paging File | 2.48 Gb Available in Paging File | 66.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 35.25 Gb Free Space | 47.40% Space Free | Partition Type: NTFS
Drive E: | 73.21 Gb Total Space | 64.61 Gb Free Space | 88.25% Space Free | Partition Type: NTFS

Computer Name: TEDISTED-PC | User Name: tedisted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/31 09:32:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\tedisted\bios-20090430111000\Desktop\OTL.exe
PRC - [2012/03/10 02:36:06 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/25 23:04:42 | 001,668,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/02/25 23:04:42 | 000,972,600 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 15:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/10/26 16:00:16 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/11 00:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/08 14:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/19 13:35:42 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/01/17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/07/15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/30 09:46:44 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/10 02:36:08 | 001,911,736 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/27 19:26:06 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/02/16 04:36:47 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
MOD - [2012/02/16 04:36:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 04:31:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/16 04:31:20 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/16 04:31:08 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/16 04:29:38 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/12 18:57:39 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2008/10/08 11:28:54 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3034.36909__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/10/08 11:28:54 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3034.36868__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/10/08 11:28:54 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3034.36922__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/10/08 11:28:54 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3034.37102__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/10/08 11:28:54 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3034.37066__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/10/08 11:28:54 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3034.36901__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/10/08 11:28:54 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3034.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/10/08 11:28:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3034.36888__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/10/08 11:28:50 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3034.37132__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/10/08 11:28:24 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3034.37138__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/10/08 11:28:24 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3034.36881__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/10/08 11:28:23 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3034.37074__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/10/08 11:28:23 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3034.37080__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/10/08 11:28:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3034.37073__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/10/08 11:28:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3034.37130__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008/10/08 11:28:22 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3034.37094__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/10/08 11:28:21 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/10/08 11:28:21 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3034.36935__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/10/08 11:28:21 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3034.36889__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/10/08 11:28:21 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3034.36928__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/10/08 11:28:21 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3034.37045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/10/08 11:28:21 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/10/08 11:28:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3034.36941__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/10/08 11:28:21 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3034.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/10/08 11:28:20 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3034.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/10/08 11:28:20 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3034.37059__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008/10/08 11:28:20 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3034.36941__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008/10/08 11:28:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3034.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/10/08 11:28:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/10/08 11:28:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3034.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/10/08 11:28:19 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/10/08 11:28:19 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/10/08 11:28:19 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/10/08 11:28:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/10/08 11:28:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/10/08 11:28:19 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/10/08 11:28:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/10/08 11:28:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/10/08 11:28:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/10/08 11:28:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/10/08 11:28:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/10/08 11:28:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/10/08 11:28:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/10/08 11:28:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/10/08 11:28:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/10/08 11:28:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/10/08 11:28:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/10/08 11:28:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/10/08 11:28:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/10/08 11:28:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/10/08 11:28:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/10/08 11:28:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/10/08 11:28:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/10/08 11:28:19 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/10/08 11:28:18 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/10/08 11:28:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/10/08 11:28:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/10/08 11:28:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/10/08 11:28:07 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3034.36895__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/10/08 11:28:07 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3034.37123__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/10/08 11:28:07 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3034.36861__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/10/08 11:28:07 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3034.37122__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/10/08 11:28:07 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/10/08 11:28:07 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/10/08 11:28:07 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3034.37150__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/10/08 11:28:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/10/08 11:28:07 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/10/08 11:28:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/10/08 11:28:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/10/08 11:28:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/10/08 11:28:07 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3034.36860__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/10/08 11:28:06 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3034.36876__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/10/08 11:28:06 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3034.36861__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/10/08 11:28:06 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3034.36859__90ba9c70f846762e\APM.Server.dll
MOD - [2008/10/08 11:28:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3034.36860__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/10/08 11:28:06 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/10/08 11:28:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3034.37123__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/10/08 11:28:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/10/08 11:28:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/04/22 21:05:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/03/06 10:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 12:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 21:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/03/30 11:43:21 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/25 23:04:42 | 000,972,600 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2010/10/26 16:00:16 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/08/25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 00:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\tedisted\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012/02/27 19:26:05 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2012/02/25 23:05:04 | 000,166,672 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/02/25 23:05:04 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/02/25 23:05:04 | 000,065,680 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/12/15 17:50:20 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/04/27 03:25:14 | 000,132,608 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2010/04/27 03:25:14 | 000,104,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2010/04/27 03:25:14 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2010/02/26 15:54:00 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2008/07/29 06:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/22 23:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/10 21:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/02/27 18:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/30 10:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========
  #5  
Old March 31st, 2012, 09:49 AM
detsi
Senior Member
 
Join Date: Jan 2011
O/S: Windows Vista 32-bit
Location: UK
Posts: 139
========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdom...TSEE&bmod=TSEE
IE - HKLM\..\SearchScopes,DefaultScope = {4DE7069F-2845-459E-9F48-EED3193FE2F1}
IE - HKLM\..\SearchScopes\{4DE7069F-2845-459E-9F48-EED3193FE2F1}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^GB&apn_ptnrs=^A9T&apn_uid=5525300572034605&p2=^A9T^YYYYYY^YY^GB
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\..\SearchScopes,DefaultScope = {4DE7069F-2845-459E-9F48-EED3193FE2F1}
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\..\SearchScopes\{4DE7069F-2845-459E-9F48-EED3193FE2F1}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE_enGB344
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7TSEE_enGB344&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=fuiLfYJGyCrrMSEx5uIfSNRV6CI?q={searchTerms}
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://eu.ask.com/web?l=dis&o=16552&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^GB&apn_ptnrs=^A9T&apn_uid=5525300572034605&p2=^A9T^YYYYYY^YY^GB&q={searchTerms}
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com/ig"
FF - prefs.js..keyword.URL: "http://eu.ask.com/web?l=dis&o=16552&gct=kwd&qsrc=2869&apn_dtid=^YYYYYY^YY^GB&apn_ptnrs=^A9T&apn_uid=5525300572034605&p2=^A9T^YYYYYY^YY^GB&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/15 22:10:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/16 11:40:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/09/10 13:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tedisted\AppData\Roaming\Mozilla\Extensions
[2012/03/30 16:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tedisted\AppData\Roaming\Mozilla\Firefox\Profiles\tqajbbn4.default\extensions
[2012/03/13 18:50:30 | 000,000,000 | ---D | M] (FT SilverGlow) -- C:\Users\tedisted\AppData\Roaming\Mozilla\Firefox\Profiles\tqajbbn4.default\extensions\{014fe8e0-6553-11e0-ae3e-0800200c9a66}
[2010/06/24 17:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tedisted\AppData\Roaming\Mozilla\Firefox\Profiles\tqajbbn4.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}-trash
[2012/03/02 22:45:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\tedisted\AppData\Roaming\Mozilla\Firefox\Profiles\tqajbbn4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/03/24 16:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tedisted\AppData\Roaming\Mozilla\Firefox\Profiles\tqajbbn4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}-trash
[2012/03/13 10:46:07 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\tedisted\AppData\Roaming\Mozilla\Firefox\Profiles\tqajbbn4.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012/03/13 19:06:38 | 000,000,000 | ---D | M] (Foxdie (Graphite)) -- C:\Users\tedisted\AppData\Roaming\Mozilla\Firefox\Profiles\tqajbbn4.default\extensions\FoxdieGraphite@tanjihay.com
[2012/03/17 19:27:46 | 000,000,931 | ---- | M] () -- C:\Users\tedisted\AppData\Roaming\Mozilla\Firefox\Profiles\tqajbbn4.default\searchplugins\dictionary.xml
[2011/02/07 18:45:25 | 000,001,050 | ---- | M] () -- C:\Users\tedisted\AppData\Roaming\Mozilla\Firefox\Profiles\tqajbbn4.default\searchplugins\siteadvisor.xml
[2012/03/28 07:44:42 | 000,002,112 | ---- | M] () -- C:\Users\tedisted\AppData\Roaming\Mozilla\Firefox\Profiles\tqajbbn4.default\searchplugins\wot-safe-search.xml
[2011/07/21 21:07:58 | 000,002,057 | ---- | M] () -- C:\Users\tedisted\AppData\Roaming\Mozilla\Firefox\Profiles\tqajbbn4.default\searchplugins\youtube-video-search.xml
[2012/03/30 16:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\TEDISTED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TQAJBBN4.DEFAULT\EXTENSIONS\{C6FB3A99-0BF0-4AB3-9B5B-9FE631D6CDE3}.XPI
() (No name found) -- C:\USERS\TEDISTED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TQAJBBN4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\TEDISTED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TQAJBBN4.DEFAULT\EXTENSIONS\FASTERFOX_LITE@BIGREDBRENT.XPI
[2012/03/10 02:36:40 | 000,134,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/20 22:56:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/30 16:41:25 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ask.xml
[2012/03/10 02:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/10 02:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2960984267-221489578-840608436-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2960984267-221489578-840608436-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/...k-21&site=home File not found
O15 - HKU\S-1-5-21-2960984267-221489578-840608436-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2960984267-221489578-840608436-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E836A96-66C5-4E61-BA82-906CCFC3FCCC}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\tedisted\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\tedisted\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 09:32:28 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\tedisted\bios-20090430111000\Desktop\OTL.exe
[2012/03/30 12:56:21 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012/03/30 12:52:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/30 12:52:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/30 12:52:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/30 09:46:46 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/03/22 20:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2012/03/14 11:50:01 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 11:49:58 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/14 11:49:58 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 11:49:58 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/14 11:49:58 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/14 11:49:58 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/14 11:49:35 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/13 12:22:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/13 12:22:13 | 000,000,000 | ---D | C] -- C:\Users\tedisted\AppData\Local\temp
[2012/03/13 12:20:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/13 11:12:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/09 08:55:05 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\80066998.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/31 09:37:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 09:32:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\tedisted\bios-20090430111000\Desktop\OTL.exe
[2012/03/31 09:24:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 08:50:25 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 08:50:25 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 08:50:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/30 21:18:08 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/30 21:18:08 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/30 21:15:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/30 21:12:59 | 1876,783,104 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/30 20:29:55 | 000,367,257 | ---- | M] () -- C:\Users\tedisted\AppData\Local\census.cache
[2012/03/30 20:29:49 | 000,183,440 | ---- | M] () -- C:\Users\tedisted\AppData\Local\ars.cache
[2012/03/30 17:04:43 | 000,284,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/30 12:56:23 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012/03/30 11:43:20 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/03/30 11:43:20 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/22 20:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2012/03/15 22:10:25 | 000,000,875 | ---- | M] () -- C:\Users\tedisted\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/15 22:10:25 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/09 08:55:05 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\80066998.sys
[2012/03/06 13:33:27 | 000,010,945 | ---- | M] () -- C:\Users\tedisted\Documents\joan.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/30 20:10:07 | 1876,783,104 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/30 16:43:02 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/03/30 12:56:23 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012/03/30 09:46:47 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/06 13:24:35 | 000,010,945 | ---- | C] () -- C:\Users\tedisted\Documents\joan.odt
[2011/09/09 21:06:49 | 000,367,257 | ---- | C] () -- C:\Users\tedisted\AppData\Local\census.cache
[2011/09/09 21:06:26 | 000,183,440 | ---- | C] () -- C:\Users\tedisted\AppData\Local\ars.cache
[2010/08/15 12:04:01 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/08/15 12:04:01 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/04/17 11:16:16 | 000,000,036 | ---- | C] () -- C:\Users\tedisted\AppData\Local\housecall.guid.cache

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:3BFA9622
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C10D19E3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:91EA783C
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:73933431
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
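The OTL log above is where the hijack actually shows: the per-user IE Start Page, two IE SearchScopes, Firefox's keyword.URL and the ask.xml searchplugin all point at eu.ask.com (plus a leftover mystart.incredimail.com scope), while the HKLM defaults still point at Google. A helper usually eyeballs these lines; the script below does the same triage mechanically. It is an added example for this thread, not part of OTL, Jintan's instructions or detsi's posts. It assumes that Google/Bing (and Google Desktop's local 127.0.0.1:4664 listener) are the only intended providers, collapses hosts to their last two labels without a public-suffix list, and runs over sample lines constructed after the posted log with the forum's wrap spaces removed and the long Ask query strings shortened.

```python
"""Triage OTL log lines for search/homepage hijack indicators.

Added example for this thread; it is not part of OTL or of the posts.
It reads OTL's "IE -", "FF -", "O4 -" and "DRV -" line formats and flags
(1) browser start-page / search-provider URLs whose domain is not one the
user intends, and (2) autorun or driver entries whose target file is gone.
"""
import re
from urllib.parse import urlparse

# Assumption: Google or Bing is the intended provider, and the
# 127.0.0.1:4664 SearchScope is Google Desktop's local search listener.
EXPECTED_HOSTS = {"google.com", "bing.com", "127.0.0.1", "localhost"}

# Matches 'IE - <key>,Start Page = http://...', 'IE - <scope>: "URL" = http://...;'
# and 'FF - prefs.js..keyword.URL: "http://..."'; trailing quote/semicolon dropped.
URL_LINE_RE = re.compile(
    r'^(?P<kind>IE|FF) - (?P<setting>.+?)\s*[:=]\s*"?'
    r'(?P<url>(?:https?://|www\.)\S+?)"?;?\s*$'
)
# Autorun (O4) or driver (DRV) entry whose file OTL could not find.
ORPHAN_RE = re.compile(r'^(?:O4|DRV) - .*File not found')

# Constructed sample modelled on the log in this thread (wrap spaces removed,
# query strings shortened); not a verbatim copy of the post.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKLM\..\SearchScopes\{4DE7069F-2845-459E-9F48-EED3193FE2F1}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rlz=1I7TSEE;
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/web?l=dis&o=16552&gct=hp&apn_uid=5525300572034605
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=fuiLfYJGyCrrMSEx5uIfSNRV6CI?q={searchTerms}
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://eu.ask.com/web?l=dis&o=16552&gct=sb&q={searchTerms}
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}
IE - HKU\S-1-5-21-2960984267-221489578-840608436-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.startup.homepage: "www.google.com/ig"
FF - prefs.js..keyword.URL: "http://eu.ask.com/web?l=dis&o=16552&gct=kwd&q="
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\tedisted\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
"""


def registrable_domain(url):
    """Collapse a URL to its last two host labels (eu.ask.com -> ask.com).
    Assumption: no public-suffix list; good enough for a first triage pass."""
    if not url.startswith(("http://", "https://")):
        url = "http://" + url            # Firefox stores homepages without a scheme
    host = (urlparse(url).hostname or "").lower()
    if host.replace(".", "").isdigit():
        return host                      # IPv4 literal: keep as-is
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) > 2 else host


def triage(lines):
    """Return (hijacks, orphans): hijacks as (setting, domain, url) tuples for
    URL-valued browser settings outside EXPECTED_HOSTS, orphans as raw lines."""
    hijacks, orphans = [], []
    for raw in lines:
        line = raw.strip()
        m = URL_LINE_RE.match(line)
        if m:
            domain = registrable_domain(m.group("url"))
            if domain not in EXPECTED_HOSTS:
                hijacks.append((m.group("setting"), domain, m.group("url")))
        elif ORPHAN_RE.match(line):
            orphans.append(line)
    return hijacks, orphans


def hijack_domains(lines):
    """Distinct unexpected domains in first-seen order, for a one-line summary."""
    seen = []
    for _, domain, _ in triage(lines)[0]:
        if domain not in seen:
            seen.append(domain)
    return seen


if __name__ == "__main__":
    hijacks, orphans = triage(SAMPLE_LOG.splitlines())
    for setting, domain, url in hijacks:
        print(f"HIJACK  {domain:<20} {setting}\n        -> {url}")
    for line in orphans:
        print(f"ORPHAN  {line}")
    print("domains:", ", ".join(hijack_domains(SAMPLE_LOG.splitlines())))
```

Run against the sample it reports ask.com three times (IE Start Page, one IE SearchScope, Firefox keyword.URL) and incredimail.com once, and lists the two "File not found" entries (the orphaned cfFncEnabler.exe Run value and the CPU-Z driver registered from a Temp folder) that a cleanup fix would normally remove. The HKLM defaults and the 127.0.0.1 Google Desktop scope pass, which is the same distinction a helper draws by eye: machine-wide settings intact, per-user settings rewritten by the bundled installer.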
  #6  
Old March 31st, 2012, 09:51 AM
detsi
Senior Member
 
Join Date: Jan 2011
O/S: Windows Vista 32-bit
Location: UK
Posts: 139
OTL Extras logfile created on: 31/03/2012 09:33:44 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\tedisted\bios-20090430111000\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 46.37% Memory free
3.74 Gb Paging File | 2.48 Gb Available in Paging File | 66.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 35.25 Gb Free Space | 47.40% Space Free | Partition Type: NTFS
Drive E: | 73.21 Gb Total Space | 64.61 Gb Free Space | 88.25% Space Free | Partition Type: NTFS

Computer Name: TEDISTED-PC | User Name: tedisted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2960984267-221489578-840608436-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5CBEAC83-5268-4B68-928C-B5EE507E66C4}" = rport=139 | protocol=6 | dir=out | app=system |
"{5DE590AC-8BF8-4DEC-9A05-D816EAD0C826}" = lport=445 | protocol=6 | dir=in | app=system |
"{5E744583-B0A4-4E7A-8AE1-C2DBC529175C}" = lport=139 | protocol=6 | dir=in | app=system |
"{73B3027F-E381-4B61-BE38-7C4375AF8CFC}" = rport=137 | protocol=17 | dir=out | app=system |
"{78BD1751-D3EC-4710-960F-2E9547AF534B}" = rport=138 | protocol=17 | dir=out | app=system |
"{7AEB2DD1-BAB1-4B06-8785-F0693AE0F4BF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{830F397B-5EDC-413E-82A2-F4F93BA87BC5}" = lport=137 | protocol=17 | dir=in | app=system |
"{964CBB67-4EE6-4D59-B45D-4C0F9FC01A56}" = lport=138 | protocol=17 | dir=in | app=system |
"{A5685835-6B17-491A-B0EE-BD1F19006BA4}" = rport=445 | protocol=6 | dir=out | app=system |
"{F60B510E-6C14-465E-8C7C-0EB7ADB56BC4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{159F4483-E0A1-45C9-BEBE-9BE3EB63971C}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{1E48B3F1-C864-4BE5-A7D1-B039BD66DA9B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1EA2C1BE-3E84-4B6C-8B86-47AE0F400421}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{36C4FFD5-301B-4356-A150-60ECCFD31E5E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4B679EEA-6953-447E-8BE9-E2567A9DD23E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{6E0C6602-CB35-4A07-BCFB-21E92BC0AB38}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7CF378AF-06C4-4439-82BD-3BA375A10413}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{8F52B449-9627-4225-9F0D-681692DB1D5B}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{95649A2C-C16F-4911-8521-EAAA963243ED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A5C9E1A4-329B-4572-BC7E-78D94BDCB647}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C08F48D4-DC64-49BA-93C4-5CCE6A431DF6}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{C80E7018-52DB-49C1-86F6-0A008A3EF32B}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{DC8D1820-7FE3-4CBB-8EDD-4D1C7AA705F9}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{E281BE67-ADBB-482E-8320-D7D2B7388442}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{F05FBEAB-E460-439D-9F97-AB6C2A1B05C9}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{F5FA55A1-FA11-4911-851A-29570AD912E3}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"TCP Query User{45752E57-3B26-4D2E-8AF7-A619E23BCD0C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0E2A94A7-A926-42F7-910A-B86305F8884E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07C9627A-CA0B-2AA2-062E-204359DF7BA1}" = Catalyst Control Center Core Implementation
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D8E81A5-B61C-4360-910C-A738FD1B220A}" = Toshiba TEMPRO
"{0EFB2016-41D2-5F30-8F60-25250F6DABDD}" = CCC Help Thai
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E57A11B-AB65-C6D1-F999-B3B37AB2298E}" = Catalyst Control Center Localization Japanese
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27265B80-303E-EFFF-6052-B11F91B634C3}" = Catalyst Control Center Localization Italian
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2920435D-CE92-5024-1694-DFD43A5FF074}" = Catalyst Control Center Localization Greek
"{2CD6D3D2-1EFC-F0B4-1761-FD4FA7F8750F}" = CCC Help Finnish
"{358004B9-3A16-87FF-4487-4D6F0C70E52F}" = Catalyst Control Center Localization Russian
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{38A3E884-313A-7AE0-11BC-482DE0C8766A}" = CCC Help Czech
"{3BB12DBC-0A8E-ECE2-F179-D06B99B8CD02}" = Catalyst Control Center Localization Czech
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E0E28DC-DA90-1BA2-FA36-AA3C2E4FB74A}" = Catalyst Control Center Graphics Previews Vista
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C90501F-864B-5AC4-867D-6AC35BE50721}" = ccc-utility
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55398A75-13E0-570F-BD16-2EE5D9E5523D}" = Catalyst Control Center Localization Norwegian
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F131988-3326-AD64-1817-D76A2FE3C2D3}" = CCC Help Chinese Traditional
"{5FBF37CD-B7F9-564C-BDFC-73D970CF7AF2}" = CCC Help Italian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61C63422-E5E2-8576-2B82-0E01F5AD2538}" = CCC Help English
"{61F90A4F-AD49-7FFB-F027-5B2CB64F0A70}" = Catalyst Control Center Graphics Light
"{629044C7-745A-64B8-467F-2F93ED50008B}" = CCC Help Chinese Standard
"{65BF23C0-4EF9-27CC-7B6F-190F4008A569}" = Catalyst Control Center Localization Polish
"{65D602E4-DCDE-0743-6A0A-F1A203449F47}" = CCC Help German
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B4874CA-13CF-2477-B697-B448201B56B6}" = CCC Help Norwegian
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6EB0B23B-AA51-6F4E-C94C-C1015ED61EEC}" = CCC Help Japanese
"{70495081-1DC8-AD4B-C197-12138B8FBC9E}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B929E2-3556-93DB-DEC0-FD56D3EFB473}" = Catalyst Control Center Localization Chinese Traditional
"{71C47830-182D-79FA-0790-0366E6E2C2EB}" = Catalyst Control Center Localization Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{77CAD946-C573-6647-B222-B6870C072932}" = CCC Help Korean
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E83516C-931B-870F-5CDF-01FDF9A4AEF0}" = Catalyst Control Center Localization Turkish
"{86728841-C151-B8E4-43C6-DD289DE570B6}" = Catalyst Control Center Localization Swedish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86DBA852-5D5E-1856-D828-620E792EDC0D}" = Catalyst Control Center Localization Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88BA2601-8A62-7AB7-DB8A-7AA2840B7C87}" = Catalyst Control Center Localization Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B587895-7716-1B99-5D85-3CA4AAF8A0F4}" = Catalyst Control Center Localization Dutch
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9244F321-0BBD-9D4A-C1FB-6437E3D0550D}" = Catalyst Control Center Localization German
"{93F3EBDD-4007-C233-7320-977AC0941054}" = CCC Help Turkish
"{94AB6CE0-DB26-7048-2A5B-4647EA1FC693}" = ccc-core-static
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A103C127-2168-4493-8D01-4BF180BED12C}" = CCC Help Portuguese
"{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}" = ATI Catalyst Install Manager
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC2EE52D-05CD-8140-5D29-5AA29590971E}" = CCC Help French
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B02A78AE-EA3B-8261-AEBC-8221E22DCC1E}" = CCC Help Polish
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1D67B62-35A8-A9A1-AA74-F6A495C8271A}" = Catalyst Control Center Localization Danish
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BC2EA92A-A5A9-A137-5204-F150EDB05DB3}" = CCC Help Hungarian
"{BC713970-8C3C-852B-4139-636F21114B7F}" = CCC Help Dutch
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5F1A9C4-C041-2E95-5D7E-EF56CED2B522}" = Skins
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D7CC05AF-067D-0D1A-1E4D-9DCBCDCC2D41}" = Catalyst Control Center Graphics Full New
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0FC3A5D-CF52-ABA7-92EF-D9794F372121}" = Catalyst Control Center Graphics Full Existing
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{EA7D1919-A6BF-979A-E3A2-F753E23D45FA}" = Catalyst Control Center Localization Hungarian
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED2BC5D9-20EE-FBB6-8483-240F19EFCAA5}" = CCC Help Swedish
"{F0345A2F-1D78-0AEA-7CBB-CEF48622EB44}" = Catalyst Control Center Localization Portuguese
"{F0646787-1A2F-34E9-A61D-9DAD69F606F8}" = CCC Help Spanish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F50E4D66-5280-FDF8-7F55-2E47FCF23E7D}" = Catalyst Control Center Localization Korean
"{F67E6AE5-F87B-025F-2D6B-26491304393F}" = CCC Help Russian
"{F9DAAC4B-5E3F-1D39-9D4B-6998664EF402}" = Catalyst Control Center Localization Finnish
"{F9F66B99-C1B3-ACEA-1F80-404CC4DD96BF}" = Catalyst Control Center Localization French
"{FA493449-3E34-4E05-8CA7-26A42E9F180E}" = CCC Help Greek
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 10.0.3 (x86 en-US)" = Mozilla Firefox 10.0.3 (x86 en-US)
"Picasa 3" = Picasa 3
"Rapport_msi" = Rapport
"Recuva" = Recuva
"Scrabble " = Scrabble
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/03/2012 06:49:03 | Computer Name = tedisted-PC | Source = EventSystem | ID = 4621
Description =

Error - 13/03/2012 06:52:01 | Computer Name = tedisted-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/03/2012 07:26:03 | Computer Name = tedisted-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/03/2012 08:23:40 | Computer Name = tedisted-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/03/2012 08:25:40 | Computer Name = tedisted-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/03/2012 08:33:18 | Computer Name = tedisted-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/03/2012 08:47:19 | Computer Name = tedisted-PC | Source = WinMgmt | ID = 10
Description =

Error - 17/03/2012 05:28:22 | Computer Name = tedisted-PC | Source = EventSystem | ID = 4621
Description =

Error - 17/03/2012 05:31:42 | Computer Name = tedisted-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/03/2012 05:47:51 | Computer Name = tedisted-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 16/03/2011 14:17:51 | Computer Name = tedisted-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 31/03/2012 04:40:03 | Computer Name = tedisted-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/03/2012 04:40:04 | Computer Name = tedisted-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/03/2012 04:40:04 | Computer Name = tedisted-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/03/2012 04:40:05 | Computer Name = tedisted-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/03/2012 04:40:05 | Computer Name = tedisted-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/03/2012 04:40:06 | Computer Name = tedisted-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/03/2012 04:40:06 | Computer Name = tedisted-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/03/2012 04:40:07 | Computer Name = tedisted-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/03/2012 04:40:07 | Computer Name = tedisted-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/03/2012 04:40:08 | Computer Name = tedisted-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
#7
March 31st, 2012, 10:52 AM
detsi
Senior Member
Join Date: Jan 2011
O/S: Windows Vista 32-bit
Location: UK
Posts: 139
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-31 10:48:54
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-26VAT0 rev.11.01A11
Running: cx633jyz.exe; Driver: C:\Users\tedisted\AppData\Local\Temp\fwryrkod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x90C560D4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x90C56CA0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x90C56EB2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x90C5A70E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x90C5A750]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x90C5A8F4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x90C56DC4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x90C5627C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x90C5647C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x90C565BC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x90C5A858]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x90C5A7A2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x90C5A7E4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x90C5A81E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x90C56062]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x90C56F64]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x90C5A696]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x90C55FE0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x90C55EE8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x90C55F40]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThreadEx [0x8E252640]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 191 83EBE914 4 Bytes [D4, 60, C5, 90]
.text ntkrnlpa.exe!KeSetEvent + 1D9 83EBE95C 4 Bytes [A0, 6C, C5, 90]
.text ntkrnlpa.exe!KeSetEvent + 2D1 83EBEA54 8 Bytes [B2, 6E, C5, 90, 0E, A7, C5, ...] {MOV DL, 0x6e; LDS EDX, DWORD [EAX-0x6f3a58f2]}
.text ntkrnlpa.exe!KeSetEvent + 2E1 83EBEA64 4 Bytes [50, A7, C5, 90]
.text ntkrnlpa.exe!KeSetEvent + 381 83EBEB04 4 Bytes [F4, A8, C5, 90] {HLT ; TEST AL, 0xc5; NOP }
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x89350000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x89399000, 0x510, 0x40000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D60A000, 0x1FB52A, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1084] ntdll.dll!KiUserApcDispatcher 77B25B78 5 Bytes JMP 00414CD0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1084] kernel32.dll!LoadLibraryExW + 173 764693EF 4 Bytes JMP 71AB000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1084] WS2_32.dll!getaddrinfo 7664418A 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1084] WS2_32.dll!gethostbyname 766562D4 5 Bytes JMP 71AE0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3300] ntdll.dll!KiUserApcDispatcher 77B25B78 5 Bytes JMP 0043A260 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3300] kernel32.dll!LoadLibraryExW + 173 764693EF 4 Bytes JMP 71AC000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3300] USER32.dll!InSendMessageEx + 3B1 76AAE6B0 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3300] WS2_32.dll!getaddrinfo 7664418A 5 Bytes JMP 71A20022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3300] WS2_32.dll!gethostbyname 766562D4 5 Bytes JMP 71A60022
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] ntdll.dll!LdrLoadDll 77AE9378 5 Bytes JMP 641D5610 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] ntdll.dll!NtMapViewOfSection 77B24994 5 Bytes JMP 719F0022
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] ntdll.dll!KiUserApcDispatcher + E 77B25B86 5 Bytes JMP 00B898D0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] kernel32.dll!LoadLibraryExW + 173 764693EF 4 Bytes JMP 71AC000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] kernel32.dll!SetUnhandledExceptionFilter 7646A8C5 6 Bytes PUSH 71A30022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] GDI32.dll!BitBlt 77CD70A6 6 Bytes PUSH 71750022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] USER32.dll!DdeInitializeW 76AA7921 6 Bytes PUSH 71710022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] USER32.dll!RegisterClassExW 76AADA30 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] USER32.dll!CreateWindowExA 76AADC2A 6 Bytes JMP 7192000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] USER32.dll!RegisterClassW 76AAE1AB 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] USER32.dll!CreateWindowExW 76AB1305 6 Bytes JMP 7196000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] USER32.dll!GetMessageW 76ABFEF7 6 Bytes PUSH 71650022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] USER32.dll!TranslateMessage 76AC01AD 6 Bytes PUSH 715B0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] USER32.dll!DispatchMessageW 76AC021C 6 Bytes PUSH 716D0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] USER32.dll!PeekMessageW 76AC045A 6 Bytes PUSH 719B0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] USER32.dll!GetWindowRect 76AC0E21 6 Bytes PUSH 71610022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] USER32.dll!GetClipboardData 76AE715A 6 Bytes PUSH 71690022; RET
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4712] USER32.dll!SetWindowLongA 76AAE7CD 5 Bytes JMP 645C0A9D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4712] USER32.dll!SetWindowLongW 76AB13B4 5 Bytes JMP 645C0A2F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4712] USER32.dll!GetWindowInfo 76AB428E 5 Bytes JMP 64350DDF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4712] USER32.dll!TrackPopupMenu 76AC14F3 5 Bytes JMP 6435138A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
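Reading a GMER report like the one above is a triage task: which module installed each hook, and is that module something the owner knowingly runs? Here is an added example, not part of the thread and not code from GMER or any tool the poster ran, in Python. It parses the SSDT and user-mode hook lines in the layout GMER 1.0.15 prints, groups kernel hooks by the driver that installed them, and separates user-mode hooks GMER could attribute to a module (Trusteer Rapport, Mozilla's xul.dll) from trampolines it could not. The sample report, the allowlists and the hypothetical example_unknown.sys driver are all constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout GMER 1.0.15 prints for its "System" (SSDT)
# and "User code sections" blocks. The Trusteer and Mozilla lines mirror the
# thread's log; example_unknown.sys is a hypothetical driver added so that
# the unexpected-hook path is exercised.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x90C56CA0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x90C5627C]
SSDT \??\C:\Windows\system32\drivers\example_unknown.sys ZwQueryDirectoryFile [0x8E25ABCD]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] ntdll.dll!LdrLoadDll 77AE9378 5 Bytes JMP 641D5610 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] ntdll.dll!KiUserApcDispatcher + E 77B25B86 5 Bytes JMP 00B898D0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3624] USER32.dll!GetClipboardData 76AE715A 6 Bytes PUSH 71690022; RET

---- EOF - GMER 1.0.15 ----
"""

# SSDT lines: "SSDT <driver path> <Zw function> [0x<handler address>]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?\.sys)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$"
)
# User-mode lines: ".text <process>[pid] <dll>!<export>[ + off] <addr> <n> Bytes <patch>"
USER_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<target>\S+!\S+(?:\s\+\s\w+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+(?P<rest>.*)$"
)
# A JMP patch optionally names the module the jump lands in and its owner.
JMP_RE = re.compile(
    r"^JMP\s+(?P<dest>[0-9A-Fa-f]{8})(?:\s+(?P<module>.+?)\s+\((?P<owner>[^)]*)\))?\s*$"
)

# Allowlists (assumptions for this machine): hooking products the owner knowingly runs.
TRUSTED_OWNERS = {"Trusteer Ltd.", "Mozilla Foundation"}
TRUSTED_KERNEL_PATHS = ("\\trusteer\\rapport\\",)


def parse_gmer(text):
    """Split a GMER report into kernel (SSDT) hooks and user-mode inline hooks."""
    ssdt, user = [], []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            ssdt.append({"module": m["module"], "function": m["func"],
                         "address": int(m["addr"], 16)})
            continue
        m = USER_RE.match(line)
        if m:
            j = JMP_RE.match(m["rest"])
            # GMER prints the owner as "Product/Company"; keep the company part.
            owner = j["owner"].rsplit("/", 1)[-1] if j and j["owner"] else None
            user.append({"process": m["proc"], "target": m["target"],
                         "kind": "JMP" if j else m["rest"].split()[0],
                         "hook_module": j["module"] if j else None,
                         "owner": owner})
    return ssdt, user


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(text, trusted_owners=TRUSTED_OWNERS, trusted_kernel_paths=TRUSTED_KERNEL_PATHS):
    """Group hooks by the module that installed them and single out the ones
    no allowlisted product accounts for."""
    ssdt, user = parse_gmer(text)
    kernel, unexpected_kernel = defaultdict(list), set()
    for h in ssdt:
        name = basename(h["module"])
        kernel[name].append(h["function"])
        if not any(p in h["module"].lower() for p in trusted_kernel_paths):
            unexpected_kernel.add(name)
    per_process, unattributed, unexpected_user = defaultdict(int), [], []
    for h in user:
        per_process[h["process"]] += 1
        if h["hook_module"] is None:
            # Trampoline into memory GMER could not map to a module: resolve by hand.
            unattributed.append((h["process"], h["target"]))
        elif h["owner"] not in trusted_owners:
            unexpected_user.append((h["process"], h["target"], h["hook_module"], h["owner"]))
    return {
        "kernel_hooks": {k: sorted(v) for k, v in kernel.items()},
        "unexpected_kernel_modules": sorted(unexpected_kernel),
        "user_hooks_per_process": dict(per_process),
        "unattributed_user_hooks": unattributed,
        "unexpected_user_hooks": unexpected_user,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_GMER_LOG), indent=2))
```

In the poster's log every SSDT entry belongs to RapportPG.sys or the RapportCerberus driver, and the attributed user-mode hooks belong to Rapport's DLLs or to xul.dll, which is consistent with an installed Trusteer Rapport and a normal Firefox. The entries that deserve follow-up in a real report are the ones this script lists under unexpected_kernel_modules and unexpected_user_hooks, together with any unattributed JMP or PUSH/RET trampolines in a process on a machine that has no hooking product installed at all.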
#8
March 31st, 2012, 11:24 AM
detsi
Senior Member
Join Date: Jan 2011
O/S: Windows Vista 32-bit
Location: UK
Posts: 139
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-31 10:56:44
-----------------------------
10:56:44.787 OS Version: Windows 6.0.6002 Service Pack 2
10:56:44.787 Number of processors: 1 586 0x301
10:56:44.788 ComputerName: TEDISTED-PC UserName: tedisted
10:56:46.358 Initialize success
10:56:58.805 AVAST engine defs: 12033000
10:57:07.587 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:57:07.590 Disk 0 Vendor: WDC_WD1600BEVS-26VAT0 11.01A11 Size: 152627MB BusType: 3
10:57:07.784 Disk 0 MBR read successfully
10:57:07.790 Disk 0 MBR scan
10:57:07.798 Disk 0 Windows VISTA default MBR code
10:57:07.824 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:57:07.950 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76154 MB offset 3074048
10:57:08.053 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 74971 MB offset 159037440
10:57:08.263 Disk 0 scanning sectors +312579760
10:57:08.823 Disk 0 scanning C:\Windows\system32\drivers
10:58:49.701 Service scanning
10:59:01.562 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
10:59:19.254 Modules scanning
11:00:59.577 Disk 0 trace - called modules:
11:00:59.674 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
11:00:59.684 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866f7030]
11:00:59.691 3 CLASSPNP.SYS[8910e8b3] -> nt!IofCallDriver -> [0x8670e918]
11:00:59.700 5 acpi.sys[8060b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x866d7b98]
11:01:00.533 AVAST engine scan C:\Windows
11:01:47.113 AVAST engine scan C:\Windows\system32
11:11:53.031 AVAST engine scan C:\Windows\system32\drivers
11:12:12.624 AVAST engine scan C:\Users\tedisted
11:15:45.082 AVAST engine scan C:\ProgramData
11:17:56.790 Scan finished successfully
11:22:30.821 Disk 0 MBR has been saved successfully to "C:\Users\tedisted\bios-20090430111000\Desktop\MBR.dat"
11:22:30.833 The log file has been saved successfully to "C:\Users\tedisted\bios-20090430111000\Desktop\aswMBR.txt"
#9
March 31st, 2012, 11:55 AM
detsi
Senior Member
Join Date: Jan 2011
O/S: Windows Vista 32-bit
Location: UK
Posts: 139
Hi Jintan, Please find logs as required.
As you will probably discover my problem still remains. Any results searched for via my Firefox address bar are coming up in Ask.com.
#10
April 1st, 2012, 12:57 AM
Jintan
Malware Removal Team Advisor
Join Date: Dec 2004
Posts: 49,862
I commend you on having the well known, more vulnerable software, like Adobe Reader/Flash Player, and Oracle's Java all updated. Not often we see that, though perhaps Secunia helped with that.

As far as outright issues showing, all I see is perhaps some remnant driver file of Kaspersky's I guess remote assistance program:

[2012/03/09 08:55:05 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\80066998.sys

But nothing that suggests the driver/service itself remains there. Yes, Firefox has had some unwanted adware/spyware making changes there, so let's address that, then just scan to make sure nothing else lurks that we don't see here.

------------

First, see the steps here under Disabling crash protection (On Windows :) to disable the Plugin-container. Usually that causes problems with Firefox performance.

-----------

In Firefox, go to Help - Restart with Add-ons Disabled. In that "Firefox Safe Mode" display that opens, place checks next to the following, then click "Make changes and restart".

Reset toolbars and controls

Reset all user preferences to Firefox defaults

Restore default search engines

You can change those later to whatever you prefer, but for now, too many search hijackers have altered things there.

---------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log please.
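The address-bar hijack detsi reports (searches routed to Ask.com) lives in a handful of Firefox preferences, and the Safe Mode reset described above clears them wholesale. As an added example, not part of the thread and not a Mozilla tool, the following Python audits a prefs.js for those preferences and produces user.js lines that pin them back. The prefs.js content is constructed, the baseline values and allowed hosts are assumptions for this user's set-up (Google search, iGoogle start page), and the preference names are the ones Firefox of that era (10.x) used.

```python
import re
from urllib.parse import urlparse

# Constructed prefs.js in the user_pref() line format Firefox writes. The
# Ask.com values stand in for the kind of change described in the thread and
# are not copied from the poster's profile.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/ig");
user_pref("keyword.URL", "http://uk.ask.com/web?q=");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("browser.search.update", false);
user_pref("extensions.lastAppVersion", "10.0.3");
"""

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Assumed clean baseline for this user (Google search, iGoogle start page).
# An empty keyword.URL is taken as the clean value here; confirm the defaults
# against a fresh profile of the same Firefox version before relying on them.
BASELINE = {
    "keyword.URL": "",
    "browser.search.defaultenginename": "Google",
    "browser.search.selectedEngine": "Google",
}
ALLOWED_HOSTS = ("google.com", "google.co.uk")


def parse_prefs(text):
    """Return {pref name: value} with strings, booleans and integers decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            value = int(raw) if raw.lstrip("-").isdigit() else raw
        prefs[name] = value
    return prefs


def host_allowed(url, allowed=ALLOWED_HOSTS):
    host = (urlparse(url).hostname or "").lower()
    return any(host == a or host.endswith("." + a) for a in allowed)


def audit_search_prefs(prefs, baseline=BASELINE, allowed=ALLOWED_HOSTS):
    """Flag search/start-page prefs that differ from the baseline and point
    somewhere outside the allowed hosts."""
    findings = []
    checks = dict(baseline)
    checks.setdefault("browser.startup.homepage", None)  # any allowed host is fine
    for name, expected in checks.items():
        value = prefs.get(name)
        if value is None or value == expected:
            continue
        if isinstance(value, str) and value.startswith(("http://", "https://")):
            if host_allowed(value, allowed):
                continue
            reason = "points at " + (urlparse(value).hostname or "?")
        elif expected is None:
            continue
        else:
            reason = "is %r, expected %r" % (value, expected)
        findings.append({"pref": name, "value": value, "reason": reason})
    return findings


def reset_user_js(findings, baseline=BASELINE):
    """user.js lines that pin the flagged prefs back to the baseline; Firefox
    re-applies user.js over prefs.js on every start."""
    return ['user_pref("%s", "%s");' % (f["pref"], baseline[f["pref"]])
            for f in findings if f["pref"] in baseline]


if __name__ == "__main__":
    for f in audit_search_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print("%-36s %s" % (f["pref"], f["reason"]))
```

prefs.js sits in the profile folder (%APPDATA%\Mozilla\Firefox\Profiles\<profile>.default on Vista). Read it with Firefox closed, because Firefox rewrites the file on exit, and bear in mind that a user.js is re-applied on every start, so a pinned value also resists the next toolbar installer until the file is removed.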
#11
April 1st, 2012, 12:59 PM
detsi
Senior Member
Join Date: Jan 2011
O/S: Windows Vista 32-bit
Location: UK
Posts: 139
Hi Jintan,
No threats found from Eset scan, so no log to post. The 'Ask' search results no longer appear. So looking good.
The last time you helped me you suggested using OTL to help clean up. Shall I proceed with that and delete manually what else I've used?
Thank you, once again, for your help and advice. I have made a small contribution as an acknowledgement of my gratitude.
Detsi.

Last edited by detsi; April 1st, 2012 at 06:28 PM.
#12
April 1st, 2012, 11:51 PM
Jintan
Malware Removal Team Advisor
Join Date: Dec 2004
Posts: 49,862
Always glad to help, and good of you to contribute to CTH. All volunteers here, but contributions offset the expense of maintaining the forum itself.

Yes, you can use OTL to remove much of what our work added there, so if you recall how to do that, go ahead and knock it out.

And if you do not plan to use Eset in the near future, just go ahead and uninstall it through Control Panel - Programs and Features.
All times are GMT +1.