Problem with Win32.FraudLoad.edt



bflat
2009-12-29, 21:57
Hello,
Below is the HJT log requested. Spybot has detected the Win32.FraudLoad.edt and is not able to delete it. My Google and Yahoo searches are being redirected. Thank you in advance for your assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:23 PM, on 12/29/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\msa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} (ILINCInstall102 Class) - https://content10.ilinc.com/download/AXCltInstall.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DA25EE3A-530B-4494-AA8A-AA52557E37B6} (LinkedIn Signature Control) - http://www.linkedin.com/cab/LinkedInSignatureControl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll,C:\PROGRA~1\DEFEND~1\DEFEND~1.0\r3hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Defender Pro Internet Security (AVP) - Defender Pro - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14530 bytes

Shaba
2010-01-01, 16:50
Hi bflat

Please post the Spybot report next :)

bflat
2010-01-01, 20:57
This is a rather large file. I will have to send it in pieces.

--- Search result list ---
Win32.FraudLoad.edt: [SBI $47454F1F] Executable (File, nothing done)
C:\Windows\msa.exe
Properties.size=178688
Properties.md5=C6F6EA5A0EBD353FC27AB05C54D862E1
Properties.filedate=1230517520
Properties.filedatetext=2008-12-28 20:25:20

Right Media: Tracking cookie (Internet Explorer: Brent) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-18 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-09-07 advcheck.dll (1.6.4.18)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2009-12-22 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2009-12-22 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-12-22 Includes\HijackersC.sbi (*)
2009-12-15 Includes\Keyloggers.sbi (*)
2009-12-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-12-15 Includes\Malware.sbi (*)
2009-12-23 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-12-15 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-12-22 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2009-12-22 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2009-12-22 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, 00TCrdMain
command: C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
file: C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
size: 712704
MD5: E9E5692F51D6032A1105C7BE27FC0BAE

Located: HK_LM:Run, Acrobat Assistant 8.0
command: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 623992
MD5: 4A0BBDF88636F2EF08420BDCD343D286

Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
size: 177440
MD5: 633B66014DDEDA70C21CFD327BDC214A

Located: HK_LM:Run, AVP
command: "C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe"
file: C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe
size: 943680
MD5: B0683CAAAED1FFCE824614B64AFB44F5

Located: HK_LM:Run, Camera Assistant Software
command: "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
file: C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
size: 413696
MD5: 137962BA4B4B60A0E5F12D6C9DFA4C2F

Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 31072
MD5: 644795F6985C740F5E36E9336B837D0B

Located: HK_LM:Run, HotKeysCmds
command: C:\Windows\system32\hkcmd.exe
file: C:\Windows\system32\hkcmd.exe
size: 154136
MD5: A13F4ABCD303F04A805155F6049D1CB2

Located: HK_LM:Run, HSON
command: %ProgramFiles%\TOSHIBA\TBS\HSON.exe
file: C:\Program Files\TOSHIBA\TBS\HSON.exe
size: 54608
MD5: 5F0D3BD87EA98332B5B1D5B86C40FBF9

Located: HK_LM:Run, IgfxTray
command: C:\Windows\system32\igfxtray.exe
file: C:\Windows\system32\igfxtray.exe
size: 141848
MD5: 1FE2E92576ED4BC83FFA4FDB2831C3B2

Located: HK_LM:Run, jswtrayutil
command: "C:\Program Files\Jumpstart\jswtrayutil.exe"
file: C:\Program Files\Jumpstart\jswtrayutil.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\Windows\KHALMNPR.EXE
size: 69632
MD5: 90E4ED0445F73CA0D625023BBBF426D1

Located: HK_LM:Run, NDSTray.exe
command: NDSTray.exe
file: NDSTray.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Persistence
command: C:\Windows\system32\igfxpers.exe
file: C:\Windows\system32\igfxpers.exe
size: 129560
MD5: 4F535C9ECC352167B2F5B26D38A247BD

Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 4911104
MD5: 99C1D6B7C36C891EC099AA8D120185C4

Located: HK_LM:Run, SmoothView
command: %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
file: C:\Program Files\Toshiba\SmoothView\SmoothView.exe
size: 448080
MD5: 4E72F2DC0A0B2D48C70F7EE5D3B84B93

Located: HK_LM:Run, SMSTray
command: C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
file: C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
size: 132624
MD5: D2084C2112CBA266E08ED2A601E3C020

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1029416
MD5: 98888488D0E6DB0256E5E661BCD35EB6

Located: HK_LM:Run, TPwrMain
command: %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
file: C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
size: 431456
MD5: B0674AE101707D21F9E30484D6465704

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_CU:Run, AdobeBridge
where: S-1-5-21-874491842-3916550555-3844517252-1000...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, B1RQJ7YJ0U
where: S-1-5-21-874491842-3916550555-3844517252-1000...
command: C:\Windows\msa.exe
file: C:\Windows\msa.exe
size: 178688
MD5: C6F6EA5A0EBD353FC27AB05C54D862E1

Located: HK_CU:Run, CollaborationHost
where: S-1-5-21-874491842-3916550555-3844517252-1000...
command: C:\Windows\system32\p2phost.exe -s
file: C:\Windows\system32\p2phost.exe
size: 192000
MD5: 0B729DBAE22BCEACB1FA39B19748EBDC

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-874491842-3916550555-3844517252-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C

Located: HK_CU:Run, swg
where: S-1-5-21-874491842-3916550555-3844517252-1000...
command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD

Located: HK_CU:Run, TOSCDSPD
where: S-1-5-21-874491842-3916550555-3844517252-1000...
command: TOSCDSPD.EXE
file: TOSCDSPD.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-874491842-3916550555-3844517252-1000...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D

Located: Startup (common), Device Detector 3.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
file: C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
size: 163840
MD5: 286DE2C0610B00C27F5EB65FD1B565D6

Located: Startup (common), Directrec Configuration Tool.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
file: C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
size: 122880
MD5: 39A060BC3A759DBAD730DDC7FAA0D148

Located: Startup (common), Logitech SetPoint.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 809488
MD5: BEE697E8F1C3D88F5DCB14E3B246B6CB

Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\ERUNT\AUTOBACK.EXE
file: C:\Program Files\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B

Located: Startup (disabled), Device Detector 2 (DISABLED)
command: C:\PROGRA~1\Olympus\DEVICE~1\DevDtct2.exe
file: C:\PROGRA~1\Olympus\DEVICE~1\DevDtct2.exe
size: 163840
MD5: 286DE2C0610B00C27F5EB65FD1B565D6

Located: Startup (disabled), DisplayKEY eSYNC Info (DISABLED)
command: C:\PROGRA~1\GESECU~1\SYNCIN~1.EXE
file: C:\PROGRA~1\GESECU~1\SYNCIN~1.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), HotSync Manager (DISABLED)
command: C:\PROGRA~1\Palm\Hotsync.exe
file: C:\PROGRA~1\Palm\Hotsync.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED)
command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
size: 210520
MD5: F14219FC767F1383526AB423F278A8E3

Located: Startup (disabled), BounceBack Launcher (DISABLED)
command: C:\PROGRA~1\CMSPRO~1\BOUNCE~1\BBLAUN~1.EXE
file: C:\PROGRA~1\CMSPRO~1\BOUNCE~1\BBLAUN~1.EXE
size: 93888
MD5: 93FBE1EB252E7D2EF34B08200FC7D41C

Located: Startup (disabled), OneNote 2007 Screen Clipper and Launcher (DISABLED)
command: C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE /tsr
file: C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE
size: 98696
MD5: A6D772AA861E673636D48B6EB452ADE3

Located: Startup (disabled), YPOPs (DISABLED)
command: C:\PROGRA~1\YPOPs\YPOPs.exe
file: C:\PROGRA~1\YPOPs\YPOPs.exe
size: 528384
MD5: 8E59C4284CFD83DDDA7B013BFA664CD4

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, klogon
command: C:\Windows\system32\klogon.dll
file: C:\Windows\system32\klogon.dll
size: 204800
MD5: A4AB1988A6D0B2D2056170BB38E2F9E7

bflat
2010-01-01, 21:00
Part 2
--- Browser helper object list ---
{053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: HP Print Clips
Path: C:\Program Files\HP\Smart Web Printing\
Long name: hpswp_framework.dll
Short name: HPSWP_~3.DLL
Date (created): 3/2/2007 3:52:08 PM
Date (last access): 8/26/2008 2:25:06 PM
Date (last write): 3/2/2007 3:52:08 PM
Filesize: 177768
Attributes: readonly
MD5: A40456DE4EF7E318104955361C72AC9D
CRC32: 6F06AAE2
Version: 2.15.7.0

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GRA8E1~1.DLL
Date (created): 2/12/2009 3:19:32 PM
Date (last access): 11/18/2009 12:04:34 PM
Date (last write): 2/12/2009 3:19:32 PM
Filesize: 2217848
Attributes: archive
MD5: A6B5A41C0ED007AB6C43CAD899E533D8
CRC32: BA078F79
Version: 12.0.6421.1000

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: C:\Program Files\Google\Google Toolbar\
Long name: GoogleToolbar_32.dll
Short name: GOOGLE~2.DLL
Date (created): 7/24/2009 12:51:08 PM
Date (last access): 7/24/2009 12:51:08 PM
Date (last write): 12/2/2009 7:34:48 PM
Filesize: 263280
Attributes: archive
MD5: 6CAC864C230B5E520AD054CF2DD66D59
CRC32: 7E94DC92
Version: 6.3.1014.1517

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\
Long name: swg.dll
Short name:
Date (created): 12/2/2009 9:27:36 PM
Date (last access): 12/2/2009 9:27:36 PM
Date (last write): 12/2/2009 9:27:36 PM
Filesize: 764912
Attributes: archive
MD5: CD91E666B2446530583FBFFCF537BE4C
CRC32: 34534F50
Version: 5.4.4525.1752

{CC7E636D-39AA-49b6-B511-65413DA137A1} (IE Developer Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: IE Developer Toolbar BHO
Path: C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\
Long name: IEDevToolbar.dll
Short name: IEDEVT~1.DLL
Date (created): 3/1/2007 2:05:42 PM
Date (last access): 9/12/2008 7:56:16 PM
Date (last write): 3/1/2007 2:05:42 PM
Filesize: 623992
Attributes:
MD5: D89FBD68928E85F266CF8F4162719B9B
CRC32: B1353241
Version: 1.0.2188.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 1/14/2009 11:36:34 AM
Date (last access): 1/14/2009 11:36:34 AM
Date (last write): 1/14/2009 11:36:34 AM
Filesize: 34816
Attributes:
MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
CRC32: D7C13FB2
Version: 6.0.110.3

bflat
2010-01-01, 21:00
Part 3
--- ActiveX list ---
{03A89EFD-E023-A200-A22D-45F77558EB4C} (ILINCInstall102 Class)
DPF name:
CLSID name: ILINCInstall102 Class
Installer:
Codebase: https://content10.ilinc.com/download/AXCltInstall.dll
Path: C:\Windows\Downloaded Program Files\
Long name: AXCltInstall.dll
Short name: AXCLTI~1.DLL
Date (created): 2/8/2009 1:26:56 PM
Date (last access): 2/8/2009 1:26:56 PM
Date (last write): 2/8/2009 1:26:52 PM
Filesize: 632608
Attributes:
MD5: 523F158E9278A8C482F40A2534A5C841
CRC32: AFE3E469
Version: 10.2.1.2088

{0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control)
DPF name:
CLSID name: Facebook Photo Uploader 5 Control
Installer: C:\Windows\Downloaded Program Files\PhotoUploader5.inf
Codebase: http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
Path: C:\Windows\Downloaded Program Files\
Long name: PhotoUploader5.ocx
Short name: PHOTOU~1.OCX
Date (created): 10/10/2008 2:44:58 PM
Date (last access): 10/10/2008 2:44:58 PM
Date (last write): 10/10/2008 2:44:58 PM
Filesize: 3536384
Attributes:
MD5: 3F703EC5DB5638C08008132A78430136
CRC32: AB0E6745
Version: 5.5.8.0

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\Windows\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 2/6/2009 12:35:56 PM
Date (last access): 2/6/2009 12:35:56 PM
Date (last write): 2/6/2009 12:35:56 PM
Filesize: 1486208
Attributes:
MD5: 937A55210D8B8B75F017C79958ECE7D3
CRC32: CA9CD645
Version: 1.9.9.1

{4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control)
DPF name:
CLSID name: DLM Control
Installer: C:\Windows\Downloaded Program Files\DownloadManagerV2.inf
Codebase: http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
Path: C:\Windows\DOWNLO~1\
Long name: DownloadManagerV2.ocx
Short name: DOWNLO~1.OCX
Date (created): 5/20/2009 11:18:42 AM
Date (last access): 5/20/2009 11:18:42 AM
Date (last write): 5/20/2009 11:18:42 AM
Filesize: 45056
Attributes:
MD5: 352AB6C3942E509332DEC566AABCFD62
CRC32: F6DC3A02
Version: 2.2.5.0

{48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control)
DPF name:
CLSID name: MySpace Uploader Control
Installer: C:\Windows\Downloaded Program Files\MySpaceUploader.inf
Codebase: http://lads.myspace.com/upload/MySpaceUploader1006.cab
Path: C:\Windows\Downloaded Program Files\
Long name: MySpaceUploader.ocx
Short name: MYSPAC~1.OCX
Date (created): 2/1/2008 3:17:04 AM
Date (last access): 2/1/2008 3:17:04 AM
Date (last write): 2/1/2008 3:17:04 AM
Filesize: 2637440
Attributes:
MD5: 2245B3CAE09AF148D983F88F62153628
CRC32: A47295FA
Version: 1.0.0.6

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 1/14/2009 11:36:34 AM
Date (last access): 1/14/2009 11:36:34 AM
Date (last write): 1/14/2009 11:36:34 AM
Filesize: 94208
Attributes:
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 1/14/2009 11:36:34 AM
Date (last access): 1/14/2009 11:36:34 AM
Date (last write): 1/14/2009 11:36:34 AM
Filesize: 94208
Attributes:
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 1/14/2009 11:36:34 AM
Date (last access): 1/14/2009 11:36:34 AM
Date (last write): 1/14/2009 11:36:34 AM
Filesize: 94208
Attributes:
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 1/14/2009 11:36:34 AM
Date (last access): 1/14/2009 11:36:34 AM
Date (last write): 1/14/2009 11:36:34 AM
Filesize: 132504
Attributes:
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3

{D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class)
DPF name:
CLSID name: CRLDownloadWrapper Class
Installer:
Codebase: http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Path: C:\Windows\Downloaded Program Files\
Long name: crlocx.ocx
Short name:
Date (created): 12/13/2008 7:17:18 PM
Date (last access): 12/13/2008 7:17:18 PM
Date (last write): 12/13/2008 7:17:18 PM
Filesize: 43760
Attributes:
MD5: 83412AE824500F533C22599DCAE43F1A
CRC32: AB100875
Version: 1.0.0.1

{DA25EE3A-530B-4494-AA8A-AA52557E37B6} (LinkedIn Signature Control)
DPF name:
CLSID name: LinkedIn Signature Control
Installer: C:\Windows\Downloaded Program Files\SignatureControl.inf
Codebase: http://www.linkedin.com/cab/LinkedInSignatureControl.cab
description:
classification: Open for discussion
known filename: LINKED~1.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\DOWNLO~1\
Long name: LinkedInSignatureControl.dll
Short name: LINKED~1.DLL
Date (created): 8/27/2008 8:02:48 PM
Date (last access): 6/11/2007 11:03:10 PM
Date (last write): 8/27/2008 8:02:48 PM
Filesize: 703488
Attributes:
MD5: E491336AE206B4896430B255A288F54F
CRC32: 2F6AFEC3
Version: 2.5.1.1889

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
DPF name:
CLSID name: GpcContainer Class
Installer: C:\Windows\Downloaded Program Files\ieatgpc.inf
Codebase: https://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab
description:
classification: Legitimate
known filename: ieatgpc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: ieatgpc.dll
Short name:
Date (created): 2/26/2007 2:10:16 AM
Date (last access): 2/26/2007 2:10:16 AM
Date (last write): 2/26/2007 2:10:16 AM
Filesize: 88134
Attributes:
MD5: B454F37295321536ACDB828109B4DC4C
CRC32: 45F26F11
Version: 2.1.0.0

bflat
2010-01-01, 21:02
Part 4
--- Process list ---
PID: 2676 (1272) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 59903071D7ACE6A02093C47E9E38AF97
PID: 2816 (1312) C:\Windows\system32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 3192 (2632) C:\Windows\Explorer.EXE
size: 2927104
MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
PID: 3660 (3192) C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe
size: 943680
MD5: B0683CAAAED1FFCE824614B64AFB44F5
PID: 3684 (3192) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 31072
MD5: 644795F6985C740F5E36E9336B837D0B
PID: 3728 (3192) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 623992
MD5: 4A0BBDF88636F2EF08420BDCD343D286
PID: 3736 (3192) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
size: 712704
MD5: E9E5692F51D6032A1105C7BE27FC0BAE
PID: 3748 (3192) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
size: 1056768
MD5: DBC3E8226BE6FE67FAE94025C80FE907
PID: 3756 (3192) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1029416
MD5: 98888488D0E6DB0256E5E661BCD35EB6
PID: 3764 (3192) C:\Windows\RtHDVCpl.exe
size: 4911104
MD5: 99C1D6B7C36C891EC099AA8D120185C4
PID: 3776 (3192) C:\Windows\System32\igfxpers.exe
size: 129560
MD5: 4F535C9ECC352167B2F5B26D38A247BD
PID: 3812 (3192) C:\Windows\System32\hkcmd.exe
size: 154136
MD5: A13F4ABCD303F04A805155F6049D1CB2
PID: 3828 (3192) C:\Windows\System32\igfxtray.exe
size: 141848
MD5: 1FE2E92576ED4BC83FFA4FDB2831C3B2
PID: 3836 (3192) C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345
PID: 3848 (3192) C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
size: 132624
MD5: D2084C2112CBA266E08ED2A601E3C020
PID: 3872 (3192) C:\Windows\ehome\ehtray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
PID: 3896 ( 956) C:\Windows\system32\igfxsrvc.exe
size: 252440
MD5: DF14865FD7961D9D4FA5A2A3C2F33560
PID: 3904 (3192) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
size: 430080
MD5: 137149B37E9C9DBDE30E4C40867252E4
PID: 3940 (3192) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD
PID: 3956 (3192) C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
size: 163840
MD5: 286DE2C0610B00C27F5EB65FD1B565D6
PID: 3988 (3192) C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 809488
MD5: BEE697E8F1C3D88F5DCB14E3B246B6CB
PID: 3240 (3988) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
size: 76304
MD5: D0403FF0524EE70DC8E956B09A2E004E
PID: 988 (3192) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
PID: 3340 ( 956) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 0F4195B9B348DE5CF9B822F81704B20E
PID: 4528 (3748) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
size: 405504
MD5: F064D3DA9BCEC02D9782D39446603DCA
PID: 4704 ( 956) C:\Windows\system32\wbem\unsecapp.exe
size: 37888
MD5: 25873356E52849C3F5B3F1B02317E8C8
PID: 5192 (3660) C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
size: 206152
MD5: 24B30C512A70DD81EE26A401F69CC8A9
PID: 2800 (1312) C:\Windows\system32\wuauclt.exe
size: 53472
MD5: 62BB79160F86CD962F312C68C6239BFD
PID: 3184 (6116) C:\Program Files\Internet Explorer\ieuser.exe
size: 299520
MD5: 5B2E1C16A2C420F60CD391B666003F14
PID: 3628 (3332) C:\Program Files\Internet Explorer\iexplore.exe
size: 634632
MD5: 79B60CC26404F8FC2B351A7551D93C17
PID: 5292 (3184) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
size: 285296
MD5: 26BD2AD330B1F1246996DB6075028607
PID: 4364 ( 956) C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
size: 173672
MD5: B850459C3CB463CF45D727D25202FB2C
PID: 5288 ( 956) C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
size: 257440
MD5: AE619F242F2CE340F3B33DDEAA88248D
PID: 5672 (3192) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4840 (2816) C:\Windows\msa.exe
size: 178688
MD5: C6F6EA5A0EBD353FC27AB05C54D862E1
PID: 5988 ( 956) C:\Windows\system32\DllHost.exe
size: 7168
MD5: BE01E566D1F569AAB32D0335613E1EEA
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 572 ( 4) smss.exe
size: 64000
PID: 644 ( 632) csrss.exe
size: 6144
PID: 688 ( 632) wininit.exe
size: 96768
PID: 700 ( 680) csrss.exe
size: 6144
PID: 736 ( 688) services.exe
size: 279040
PID: 752 ( 688) lsass.exe
size: 9728
PID: 760 ( 688) lsm.exe
size: 229888
PID: 828 ( 680) winlogon.exe
size: 314880
PID: 956 ( 736) svchost.exe
size: 21504
PID: 1008 ( 736) PresentationFontCache.exe
PID: 1056 ( 736) svchost.exe
size: 21504
PID: 1172 ( 736) svchost.exe
size: 21504
PID: 1272 ( 736) svchost.exe
size: 21504
PID: 1312 ( 736) svchost.exe
size: 21504
PID: 1372 (1172) audiodg.exe
size: 88064
PID: 1408 ( 736) SLsvc.exe
size: 2623488
PID: 1460 ( 736) svchost.exe
size: 21504
PID: 1652 ( 736) svchost.exe
size: 21504
PID: 1832 ( 736) spoolsv.exe
size: 125952
PID: 1860 ( 736) svchost.exe
size: 21504
PID: 624 ( 736) ACService.exe
PID: 632 ( 736) agrsmsvc.exe
size: 9216
PID: 952 ( 736) AppleMobileDeviceService.exe
PID: 1196 ( 736) SyncServicesBasics.exe
PID: 1484 ( 736) mDNSResponder.exe
PID: 1516 ( 736) CFSvcs.exe
PID: 2084 ( 736) DM1Service.exe
PID: 2116 ( 736) svchost.exe
size: 21504
PID: 2208 ( 736) svchost.exe
size: 21504
PID: 2248 ( 736) pinger.exe
PID: 2304 ( 736) svchost.exe
size: 21504
PID: 2332 ( 736) svchost.exe
size: 21504
PID: 2360 ( 736) svchost.exe
size: 21504
PID: 2376 ( 736) swupdtmr.exe
PID: 2452 ( 736) TNaviSrv.exe
PID: 2480 ( 736) TODDSrv.exe
size: 129632
PID: 2568 ( 736) TosCoSrv.exe
PID: 2660 (1312) taskeng.exe
size: 169472
PID: 2740 ( 736) TosIPCSrv.exe
PID: 2840 ( 736) ULCDRSvr.exe
PID: 2872 ( 736) svchost.exe
size: 21504
PID: 2904 ( 736) SearchIndexer.exe
size: 439808
PID: 3000 ( 736) SDWinSec.exe
PID: 3108 (1272) WUDFHost.exe
size: 142336
PID: 3516 (1312) taskeng.exe
size: 169472
PID: 620 ( 736) wmpnetwk.exe
PID: 4732 ( 956) WmiPrvSE.exe
PID: 4992 ( 736) FNPLicensingService.exe
PID: 5240 ( 736) avz.exe
PID: 5616 (3756) SynTPHelper.exe
PID: 7704 ( 736) iPodService.exe
PID: 4240 (2660) FastBrowserSearchProtection.exe
PID: 6616 (2248) Ivpsvmgr.exe
PID: 5536 (2904) SearchProtocolHost.exe
size: 184832
PID: 4968 (2904) SearchFilterHost.exe
size: 87552


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 1/1/2009 12:50:22 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.toshibadirect.com/dpdstart
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.toshibadirect.com/dpdstart
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896

bflat
2010-01-01, 21:08
****I've attached below the results of the Win32FraudLoad.edt error, which is much smaller than the file I have been trying to attach. If you require the larger file (over 200,000 characters), please let me know and I will provide it.

Thanks****

Win32.FraudLoad.edt: [SBI $47454F1F] Executable (File, nothing done)
C:\Windows\msa.exe
Properties.size=178688
Properties.md5=C6F6EA5A0EBD353FC27AB05C54D862E1
Properties.filedate=1230517520
Properties.filedatetext=2008-12-28 20:25:20

Right Media: Tracking cookie (Internet Explorer: Brent) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-18 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-09-07 advcheck.dll (1.6.4.18)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2009-12-22 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2009-12-22 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-12-22 Includes\HijackersC.sbi (*)
2009-12-15 Includes\Keyloggers.sbi (*)
2009-12-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-12-15 Includes\Malware.sbi (*)
2009-12-23 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-12-15 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-12-22 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2009-12-22 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2009-12-22 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Shaba
2010-01-02, 15:08
That's fine :)

Download DDS to your desktop from one of the links below:

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)

Double click the tool to run it.
A black screen will open; just read the contents and do nothing.
When the tool finishes, it will open 2 reports.
Copy/paste both reports back here and remove DDS from your desktop.

bflat
2010-01-02, 21:11
Here's the DDS.txt report:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Brent at 13:07:11.86 on Fri 01/02/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1617 [GMT -6:00]

AV: Defender Pro Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Defender Pro Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Defender Pro Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\msa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
C:\Windows\Explorer.EXE
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQB1P0DR\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar =
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title =
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [B1RQJ7YJ0U] c:\windows\msa.exe
mRun: [<NO NAME>]
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVP] "c:\program files\defender pro\defender pro internet security 6.0\avp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
StartupFolder: c:\users\brent\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\direct~1.lnk - c:\program files\olympus\devicedetector\DirectrecConfig.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\defender pro\defender pro internet security 6.0\ie_banner_deny.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\defender pro\defender pro internet security 6.0\scieplugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: heartlandmlsweb.com\www
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {DA25EE3A-530B-4494-AA8A-AA52557E37B6} - hxxp://www.linkedin.com/cab/LinkedInSignatureControl.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\defend~1\defend~1.0\adialhk.dll,c:\progra~1\defend~1\defend~1.0\r3hook.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL

============= SERVICES / DRIVERS ===============

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-7-28 20352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2007-1-25 20760]
R2 AVP;Defender Pro Internet Security;c:\program files\defender pro\defender pro internet security 6.0\avz.exe [2007-8-14 206152]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-8-23 1153368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-13 7168]
R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2008-12-30 16384]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-7-28 937984]

=============== Created Last 30 ================

2009-12-24 03:59:49 0 d-----w- c:\programdata\Sony
2009-12-24 03:59:07 0 d-----w- c:\program files\Sony
2009-12-23 19:56:48 0 d-----w- c:\users\brent\appdata\roaming\BitTorrent
2009-12-23 19:56:46 0 d-----w- c:\program files\BitTorrent
2009-12-10 14:17:55 0 d-----w- c:\programdata\ArcSoft
2009-12-10 14:16:49 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2009-12-09 20:17:10 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 20:17:09 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 20:17:09 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 19:14:46 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-08 19:14:46 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-06 23:02:41 0 d-----w- c:\program files\iPod
2009-12-06 23:02:38 0 d-----w- c:\program files\iTunes
2009-11-26 09:01:19 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 13:09:34 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 13:09:33 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 13:09:29 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-12 00:17:25 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-12 00:17:14 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 05:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-11 05:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-11-09 03:23:08 0 d-----w- c:\users\brent\appdata\roaming\PeaZip
2009-11-09 03:22:55 0 d-----w- c:\program files\PeaZip
2009-10-29 15:50:31 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-29 15:50:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-23 22:24:00 73728 ----a-w- c:\windows\system32\DSSUSB1.DLL
2009-10-23 22:24:00 69632 ----a-w- c:\windows\system32\DM1USBAPI.dll
2009-10-23 22:24:00 57344 ----a-w- c:\windows\system32\StrDevCheck.dll
2009-10-23 22:24:00 49152 ----a-w- c:\windows\system32\DSSUSBF.dll
2009-10-23 22:24:00 49152 ----a-w- c:\windows\system32\DSSUSB.DLL
2009-10-23 22:24:00 45056 ----a-w- c:\windows\system32\DM1USBAPIVB.dll
2009-10-23 22:24:00 39071 ----a-w- c:\windows\system32\drivers\DSSUSB1.SYS
2009-10-23 22:24:00 33363 ----a-w- c:\windows\system32\drivers\DSSUSB.SYS
2009-10-23 22:24:00 27326 ----a-w- c:\windows\system32\drivers\DM_1USB.sys
2009-10-23 22:24:00 25381 ----a-w- c:\windows\system32\drivers\DSSUSBF.sys
2009-10-23 22:21:54 0 d-----w- c:\program files\common files\Olympus Shared
2009-10-14 21:15:06 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 21:14:34 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 21:14:32 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 21:14:17 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-14 21:14:16 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-10-14 21:14:16 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-14 21:14:16 217088 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-14 21:14:16 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-14 21:13:50 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 21:13:48 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 21:13:44 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-07 18:16:49 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-07 18:16:14 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-07 18:15:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-07 18:15:59 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-09-29 12:40:38 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-29 12:40:38 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-29 12:39:08 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 18:02:30 0 dc----w- C:\perflogs
2009-09-22 00:25:55 0 d-----w- c:\windows\BounceBack
2009-09-09 21:11:21 897608 ------w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 21:11:20 9728 ------w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 21:11:20 27136 ------w- c:\windows\system32\NETSTAT.EXE
2009-09-09 21:11:20 19968 ------w- c:\windows\system32\ARP.EXE
2009-09-09 21:11:20 104960 ------w- c:\windows\system32\netiohlp.dll
2009-09-09 21:11:19 8704 ------w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 21:11:19 17920 ------w- c:\windows\system32\ROUTE.EXE
2009-09-09 21:11:19 17920 ------w- c:\windows\system32\netevent.dll
2009-09-09 21:11:19 11264 ------w- c:\windows\system32\MRINFO.EXE
2009-09-09 21:11:19 10240 ------w- c:\windows\system32\finger.exe
2009-09-09 21:10:46 2501921 ------w- c:\windows\system32\wlan.tmf
2009-09-09 21:10:45 513024 ------w- c:\windows\system32\wlansvc.dll
2009-09-09 21:10:45 302592 ------w- c:\windows\system32\wlansec.dll
2009-09-09 21:10:45 293376 ------w- c:\windows\system32\wlanmsm.dll
2009-09-09 21:10:45 127488 ------w- c:\windows\system32\L2SecHC.dll
2009-09-09 21:10:41 2868224 ------w- c:\windows\system32\mf.dll
2009-09-02 13:24:27 499712 ------w- c:\windows\system32\kerberos.dll
2009-09-02 13:24:27 175104 ------w- c:\windows\system32\wdigest.dll
2009-09-02 13:24:27 1256448 ------w- c:\windows\system32\lsasrv.dll
2009-09-02 13:24:26 9728 ------w- c:\windows\system32\lsass.exe
2009-09-02 13:24:26 72704 ------w- c:\windows\system32\secur32.dll
2009-09-02 13:24:26 439896 ------w- c:\windows\system32\drivers\ksecdd.sys
2009-09-02 13:24:26 270848 ------w- c:\windows\system32\schannel.dll
2009-09-02 13:24:17 28672 ------w- c:\windows\system32\Apphlpdm.dll
2009-09-02 13:24:16 4240384 ------w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:42:52 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 20:22:21 0 d-----w- c:\users\brent\appdata\roaming\eBookPro6
2009-08-11 22:47:56 71680 ------w- c:\windows\system32\atl.dll
2009-08-11 22:47:52 160256 ------w- c:\windows\system32\wkssvc.dll
2009-08-11 22:47:46 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 22:47:46 313344 ------w- c:\windows\system32\wmpdxm.dll
2009-08-11 22:47:45 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-08-11 22:47:45 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 22:47:44 43520 ------w- c:\windows\system32\msdxm.tlb
2009-08-11 22:47:44 18432 ------w- c:\windows\system32\amcompat.tlb
2009-08-11 22:47:40 91136 ------w- c:\windows\system32\avifil32.dll
2009-08-11 22:47:37 2066432 ------w- c:\windows\system32\mstscax.dll
2009-08-03 21:05:05 0 dc----w- C:\GEORGE
2009-07-21 06:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-15 12:02:14 0 d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 12:00:18 0 d-----w- c:\program files\Bonjour
2009-07-15 11:42:57 72704 ------w- c:\windows\system32\fontsub.dll
2009-07-15 11:42:57 289792 ------w- c:\windows\system32\atmfd.dll
2009-07-15 11:42:57 156672 ------w- c:\windows\system32\t2embed.dll
2009-07-15 11:42:57 10240 ------w- c:\windows\system32\dciman32.dll
2009-06-21 21:17:52 255352 ------w- c:\windows\system32\awrdscdc.ax
2009-06-21 21:17:33 0 d-----w- c:\program files\Audible
2009-06-11 20:15:10 636928 ------w- c:\windows\system32\localspl.dll
2009-06-11 20:15:07 784896 ------w- c:\windows\system32\rpcrt4.dll
2009-05-21 18:43:56 0 d-----w- c:\program files\Coupons
2009-05-05 14:00:37 0 d-----w- c:\program files\Microsoft User Agent String Utility
2009-05-04 23:25:00 57344 ------w- c:\windows\system32\MTXSYNCICON.dll
2009-05-04 23:25:00 245760 ------w- c:\windows\system32\MSCLib.dll
2009-05-04 23:25:00 155648 ------w- c:\windows\system32\MSFLib.dll
2009-05-04 23:25:00 15120 ------w- c:\windows\system32\PDINFO.xpd
2009-05-04 23:24:59 40960 ------w- c:\windows\system32\MTTELECHIP.dll
2009-05-04 23:24:59 364544 ------w- c:\windows\system32\MASetupWizard.dll
2009-05-04 23:24:59 24576 ------w- c:\windows\system32\MASetupCleaner.exe
2009-05-04 23:24:58 57344 ------w- c:\windows\system32\MK_Lyric.dll
2009-05-04 23:24:58 49152 ------w- c:\windows\system32\MaJGUILib.dll
2009-05-04 23:24:58 45056 ------w- c:\windows\system32\MaXMLProto.dll
2009-05-04 23:24:58 45056 ------w- c:\windows\system32\MACXMLProto.dll
2009-05-04 23:24:58 3262 ------w- c:\windows\system32\MPXBox.ico
2009-05-04 23:24:58 106609 ------w- c:\windows\system32\MaJUtilLib.dll
2009-05-04 23:24:46 397429 ------w- c:\windows\system32\PixtreeMP4FormatWriter.ax
2009-05-04 23:19:47 0 d-----w- c:\program files\Amazon
2009-04-24 08:17:43 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-23 19:09:40 31936 ------w- c:\windows\system32\BBUninstall.exe
2009-04-23 19:09:04 0 d-----w- c:\program files\CMS Products
2009-04-22 14:28:54 0 d-----w- c:\users\brent\appdata\roaming\CrystalButton
2009-04-02 01:26:48 0 d-----w- c:\program files\Fast Browser SearchP
2009-03-30 23:16:58 0 d-----w- c:\program files\Lame for Audacity
2009-03-30 23:03:06 0 d-----w- c:\program files\DivX
2009-03-30 23:03:01 0 d-----w- c:\program files\common files\DivX Shared
2009-03-28 18:42:33 0 d-----w- c:\users\brent\appdata\roaming\LinkedIn
2009-03-28 18:42:10 0 d-----w- c:\program files\LinkedIn
2009-03-16 19:38:59 0 d-----w- c:\program files\GoldWave
2009-03-16 01:49:20 87608 ------w- c:\users\brent\appdata\roaming\inst.exe
2009-03-16 01:49:20 47360 ------w- c:\windows\system32\drivers\pcouffin.sys
2009-03-16 01:49:20 47360 ------w- c:\users\brent\appdata\roaming\pcouffin.sys
2009-03-16 01:49:10 0 d-----w- c:\program files\DVDFab 5
2009-03-13 21:40:44 0 ------w- c:\windows\pcfriend.INI
2009-03-10 22:21:32 103744 ------w- c:\windows\system32\drivers\AnyDVD.sys
2009-03-03 19:19:32 0 d-----w- c:\program files\Audacity
2009-03-01 23:05:26 67 ------w- c:\windows\swupdate.INI
2009-02-27 02:54:45 0 d-----w- c:\program files\Photodex
2009-02-27 02:53:32 0 d-----w- c:\users\brent\appdata\roaming\Photodex
2009-02-24 19:34:16 90112 ------w- c:\windows\system32\dpl100.dll
2009-02-24 19:34:14 823296 ------w- c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34:14 823296 ------w- c:\windows\system32\divx_xx07.dll
2009-02-24 19:34:14 815104 ------w- c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34:14 802816 ------w- c:\windows\system32\divx_xx11.dll
2009-02-24 19:34:14 684032 ------w- c:\windows\system32\DivX.dll
2009-02-19 22:49:02 83448 ----a-w- c:\windows\system32\CddbLangJA.dll
2009-02-19 22:49:02 808440 ----a-w- c:\windows\system32\CDDBUI.dll
2009-02-19 22:49:02 796152 ----a-w- c:\windows\system32\CDDBControl.dll
2009-02-19 22:49:02 108024 ----a-w- c:\windows\system32\CddbLangIT.dll
2009-02-19 22:49:02 103928 ----a-w- c:\windows\system32\CddbLangNL.dll
2009-02-19 22:49:02 103928 ----a-w- c:\windows\system32\CddbLangFR.dll
2009-02-19 22:49:02 103928 ----a-w- c:\windows\system32\CddbLangES.dll
2009-02-19 22:49:02 103928 ----a-w- c:\windows\system32\CddbLangDE.dll
2009-02-17 23:54:24 0 d-----w- c:\users\brent\appdata\roaming\SlideRocketPlayer.62C1F915F5A6BA2BA0761B85080AA90D2A2F76E2.1
2009-02-17 17:11:30 24232 ------w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33:14 89256 ------w- c:\windows\system32\ElbyCDIO.dll
2009-02-16 20:50:48 0 d-----w- c:\program files\DVD Ripper Wizard
2009-02-16 20:00:23 0 d-----w- c:\program files\Movavi Video Converter 7
2009-02-15 22:05:01 0 d-----w- c:\program files\Xvid
2009-02-15 13:35:26 0 d-----w- c:\users\brent\appdata\roaming\HandBrake
2009-02-15 02:05:11 0 d-----w- c:\programdata\SlySoft
2009-02-15 02:01:02 0 d-----w- c:\program files\SlySoft
2009-02-14 23:26:01 0 d-----w- c:\program files\HandBrake
2009-02-05 02:15:52 0 ------w- c:\windows\Dssole.INI
2009-02-05 02:15:23 0 d-----w- c:\program files\Olympus
2009-02-05 02:08:17 73728 ----a-w- c:\windows\system32\DSXUSB.dll
2009-02-05 02:08:17 39635 ----a-w- c:\windows\system32\drivers\DSXUSB.sys
2009-02-02 22:48:20 0 d-----w- c:\users\brent\appdata\roaming\PeerNetworking
2009-02-02 15:41:02 0 d-----w- c:\program files\iLinc
2009-01-14 17:36:57 410984 ------w- c:\windows\system32\deploytk.dll
2009-01-14 15:44:09 288768 ------w- c:\windows\system32\drivers\srv.sys
2009-01-14 01:39:10 0 d-----w- c:\programdata\WindowsSearch
2009-01-12 03:30:49 0 d-----w- c:\program files\Easy Screen Capture And Annotation
2009-01-02 20:03:16 0 d-----w- c:\programdata\WinZip
2008-12-30 22:39:16 16384 ------w- c:\windows\system32\drivers\vad.sys
2008-12-30 22:39:12 0 d-----w- c:\program files\Acoolsoft
2008-12-29 19:41:41 0 d-----w- c:\program files\Trend Micro
2008-12-29 02:25:24 178688 ----a-w- c:\windows\msa.exe
2008-12-29 02:25:13 229888 ----a-w- c:\windows\system32\sshnas.dll
2008-12-28 17:45:57 0 d-----w- c:\program files\MIDI Workplace
2008-12-26 03:27:51 177 -c----w- C:\test.rtf
2008-12-26 03:27:20 177664 ------w- c:\windows\cbuninstall.exe
2008-12-24 14:50:01 97800 ------w- c:\windows\system32\infocardapi.dll
2008-12-24 14:50:00 105016 ------w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-12-24 14:49:59 622080 ------w- c:\windows\system32\icardagt.exe
2008-12-24 14:49:59 43544 ------w- c:\windows\system32\PresentationHostProxy.dll
2008-12-24 14:49:59 37384 ------w- c:\windows\system32\infocardcpl.cpl
2008-12-24 14:49:59 11264 ------w- c:\windows\system32\icardres.dll
2008-12-24 14:49:57 781344 ------w- c:\windows\system32\PresentationNative_v0300.dll
2008-12-24 14:49:54 326160 ------w- c:\windows\system32\PresentationHost.exe
2008-12-24 14:40:23 96760 ------w- c:\windows\system32\dfshim.dll
2008-12-24 14:40:20 282112 ------w- c:\windows\system32\mscoree.dll
2008-12-24 14:40:17 41984 ------w- c:\windows\system32\netfxperf.dll
2008-12-24 14:39:51 158720 ------w- c:\windows\system32\mscorier.dll
2008-12-24 14:39:45 83968 ------w- c:\windows\system32\mscories.dll
2008-12-24 14:33:56 0 dc-h--r- C:\AHCache
2008-12-22 22:17:03 0 d-----w- c:\users\brent\appdata\roaming\Conferendum
2008-12-21 16:11:29 0 d-----w- c:\users\brent\appdata\roaming\Dimdim
2008-12-21 16:11:07 0 d-----w- c:\program files\Dimdim
2008-12-21 03:02:49 0 d-----w- c:\program files\DemoForge
2008-12-21 03:01:20 0 d--h--w- c:\program files\Zero G Registry
2008-12-21 02:51:59 0 d--h--w- c:\users\brent\InstallAnywhere
2008-12-12 16:18:16 87336 ------w- c:\windows\system32\dns-sd.exe
2008-12-12 16:11:46 61440 ------w- c:\windows\system32\dnssd.dll
2008-12-10 13:52:44 0 d-----w- c:\users\brent\appdata\roaming\Easy Web Builder
2008-12-09 19:59:24 2927104 ------w- c:\windows\explorer.exe
2008-12-09 19:59:12 296960 ------w- c:\windows\system32\gdi32.dll
2008-12-09 19:57:42 996352 ------w- c:\windows\system32\WMNetMgr.dll
2008-12-09 19:57:41 94720 ------w- c:\windows\system32\logagent.exe
2008-12-09 15:02:49 0 d-----w- c:\programdata\LogiShrd
2008-12-09 15:02:25 0 ---h--w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-09 15:02:25 0 ---h--w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-12-09 15:01:48 301656 ------w- c:\windows\system32\BtCoreIf.dll
2008-12-09 15:01:44 84496 ------w- c:\windows\system32\KemXML.dll
2008-12-09 15:01:44 170512 ------w- c:\windows\system32\kemutb.dll
2008-12-09 15:01:44 145936 ------w- c:\windows\system32\KemUtil.dll
2008-12-09 15:01:44 117264 ------w- c:\windows\system32\KemWnd.dll
2008-12-09 15:01:16 0 d-----w- c:\programdata\Logitech
2008-12-04 19:06:36 0 d-----w- c:\program files\YPOPs

==================== Find3M ====================

2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-15 13:48:47 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-15 13:48:47 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-29 12:31:56 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-29 12:31:56 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-29 12:31:56 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-08-24 12:16:12 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-03-17 03:38:46 13824 ------w- c:\windows\system32\apilogen.dll
2009-03-17 03:38:44 24064 ------w- c:\windows\system32\amxread.dll
2009-03-03 04:40:16 499200 ------w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-03-03 04:40:16 129024 ------w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-03-03 04:39:36 183296 ------w- c:\windows\system32\sdohlp.dll
2009-03-03 04:39:32 551424 ------w- c:\windows\system32\rpcss.dll
2009-03-03 04:39:22 26112 ------w- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37:11 98304 ------w- c:\windows\system32\iasrecst.dll
2009-03-03 04:37:11 54784 ------w- c:\windows\system32\iasads.dll
2009-03-03 04:37:11 44032 ------w- c:\windows\system32\iasdatastore.dll
2009-03-03 04:36:24 615424 ------w- c:\windows\system32\wbem\fastprox.dll
2009-03-03 03:04:59 666624 ------w- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38:13 17408 ------w- c:\windows\system32\iashost.exe
2009-03-03 02:16:04 247296 ------w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-01-02 18:58:56 88806176 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-01-02 11:30:50 1192340 --sha-w- c:\windows\system32\drivers\fidbox.idx
2008-12-23 15:29:38 630412 ------w- c:\windows\fonts\Base05_1.ttf
2008-12-23 15:29:38 630412 ------w- c:\windows\fonts\Base05_0.ttf
2008-12-23 15:29:38 630412 ------w- c:\windows\fonts\Base05.ttf
2008-11-10 17:41:34 32656 ----a-w- c:\windows\system32\msonpmon.dll
2008-10-22 03:57:30 241152 ------w- c:\windows\system32\PortableDeviceApi.dll
2008-10-21 05:25:17 1645568 ------w- c:\windows\system32\connect.dll
2008-10-10 20:46:26 69632 ------w- c:\windows\KHALMNPR.Exe
2008-08-24 21:01:06 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sh--w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ------w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ------w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ------w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ------w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ------w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ------w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ------w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ------w- c:\windows\inf\perflib\0000\perfc.dat
2008-08-23 06:24:14 14 --sh--r- c:\windows\system32\drivers\fbd.sys
2008-08-23 06:24:14 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 13:08:38.96 ===============

bflat
2010-01-02, 21:18
Here's the DDS "Attach.txt" in zipped format per instructions. Thanks for all of your help, Shaba :)

Shaba
2010-01-03, 15:17
Please copy/paste attach.txt to your next reply :)

bflat
2010-01-03, 17:54
Here's the Attach_1.txt......

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/28/2008 11:14:24 AM
System Uptime: 1/2/2009 12:47:53 PM (1 hours ago)

Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | CPU | 1867/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 148 GiB total, 44.881 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acoolsoft PPT2Video Converter 2.0.0.56 Trial
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.3 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe ConnectNow
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop Elements 5.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Amazon MP3 Downloader 1.0.3
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Audacity 1.2.6
AudibleManager
AutoUpdate
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Batch Update
Bible Data Type System Files
BitTorrent
Bonjour
BounceBack Express
Brother HL-4040CN
Brother MFL-Pro Suite
BufferChm
Camera Assistant Software for Toshiba
CamStudio
CD/DVD Drive Acoustic Silencer
CDDRV_Installer
Common System Files
Compatibility Pack for the 2007 Office system
Connect
Constant Contact QuickImport v2 for Outlook
Coupon Printer for Windows
Defender Pro Internet Security
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DivX Version Checker
Drive Manager
DVD MovieFactory for TOSHIBA
DVD Ripper Wizard
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
Easy Screen Capture And Annotation 2.3.0.0
Easy Web Builder
ERUNT 1.1j
eSupportQFolder
Fast Browser Search Protection
FormViewer
FranklinCovey PlanPlus for Microsoft Outlook
FranklinCovey PlanPlus for Windows
GearDrvs
GoldWave v5.25
Google Desktop
Google Toolbar for Internet Explorer
GoToMeeting 4.1.0.366
Graphical Query Editor
HandBrake 0.9.3
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 9.0
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
iLinc Client
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Explorer Developer Toolbar
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 3
KhalInstallWrapper
kuler
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
LibronixUpdate
LinkedIn Outlook Toolbar
LLS Resource Driver
Logitech SetPoint
Memeo AutoBackup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 SDK - ENU
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XML Parser
Mirage Driver 1.1
MobileMe Control Panel
Movavi Video Converter 7
Move Media Player
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
Notepad++
OEB Resource Driver
Olympus DSS Player
PDF Image Printer 7.0
PDF Resource Driver
PDF Settings CS4
PeaZip 2.7.1
Photo Story 3 for Windows
Photoshop Camera Raw
Pixel Bender Toolkit
QuickBooks Financial Center
QuickTime
RCA easyRip 2.1.7.0
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RegCure 1.5.1.3
Safari
Samsung Media Studio
Screencaster Plug-in for IE
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Windows Media Encoder (KB954156)
Sentence Diagramming
SolutionCenter
Spybot - Search & Destroy
Status
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
The Logo Creator v5.2
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb976884)
User Agent String Utility
VC80CRTRedist - 8.0.50727.762
Vegas Pro 9.0
VideoWebWizard 2.0
Windows Media Encoder 9 Series
Xvid 1.2.1 final uninstall
YPOPs! 0.9.5.9

==== End Of File ===========================

Shaba
2010-01-04, 14:34
As per forum rules, all p2p programs have to be uninstalled.

So please uninstall BitTorrent, rerun DDS and post back fresh DDS logs.

bflat
2010-01-04, 16:41
BitTorrent has been removed. Below is the DDS.txt report. Attach.txt report to follow:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Brent at 8:36:20.22 on Sun 01/04/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1610 [GMT -6:00]

AV: Defender Pro Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Defender Pro Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Defender Pro Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\msa.exe
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WYMNHP8\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar =
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title =
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [B1RQJ7YJ0U] c:\windows\msa.exe
mRun: [<NO NAME>]
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVP] "c:\program files\defender pro\defender pro internet security 6.0\avp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
StartupFolder: c:\users\brent\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\direct~1.lnk - c:\program files\olympus\devicedetector\DirectrecConfig.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\defender pro\defender pro internet security 6.0\ie_banner_deny.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\defender pro\defender pro internet security 6.0\scieplugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: heartlandmlsweb.com\www
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {DA25EE3A-530B-4494-AA8A-AA52557E37B6} - hxxp://www.linkedin.com/cab/LinkedInSignatureControl.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\defend~1\defend~1.0\adialhk.dll,c:\progra~1\defend~1\defend~1.0\r3hook.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL

============= SERVICES / DRIVERS ===============

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-7-28 20352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2007-1-25 20760]
R2 AVP;Defender Pro Internet Security;c:\program files\defender pro\defender pro internet security 6.0\avz.exe [2007-8-14 206152]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-8-23 1153368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-13 7168]
R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2008-12-30 16384]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-7-28 937984]

=============== Created Last 30 ================

2009-12-24 03:59:49 0 d-----w- c:\programdata\Sony
2009-12-24 03:59:07 0 d-----w- c:\program files\Sony
2009-12-10 14:17:55 0 d-----w- c:\programdata\ArcSoft
2009-12-10 14:16:49 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2009-12-09 20:17:10 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 20:17:09 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 20:17:09 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 19:14:46 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-08 19:14:46 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-06 23:02:41 0 d-----w- c:\program files\iPod
2009-12-06 23:02:38 0 d-----w- c:\program files\iTunes
2009-11-26 09:01:19 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 13:09:34 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 13:09:33 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 13:09:29 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-12 00:17:25 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-12 00:17:14 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 05:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-11 05:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-11-09 03:23:08 0 d-----w- c:\users\brent\appdata\roaming\PeaZip
2009-11-09 03:22:55 0 d-----w- c:\program files\PeaZip
2009-10-29 15:50:31 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-29 15:50:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-23 22:24:00 73728 ----a-w- c:\windows\system32\DSSUSB1.DLL
2009-10-23 22:24:00 69632 ----a-w- c:\windows\system32\DM1USBAPI.dll
2009-10-23 22:24:00 57344 ----a-w- c:\windows\system32\StrDevCheck.dll
2009-10-23 22:24:00 49152 ----a-w- c:\windows\system32\DSSUSBF.dll
2009-10-23 22:24:00 49152 ----a-w- c:\windows\system32\DSSUSB.DLL
2009-10-23 22:24:00 45056 ----a-w- c:\windows\system32\DM1USBAPIVB.dll
2009-10-23 22:24:00 39071 ----a-w- c:\windows\system32\drivers\DSSUSB1.SYS
2009-10-23 22:24:00 33363 ----a-w- c:\windows\system32\drivers\DSSUSB.SYS
2009-10-23 22:24:00 27326 ----a-w- c:\windows\system32\drivers\DM_1USB.sys
2009-10-23 22:24:00 25381 ----a-w- c:\windows\system32\drivers\DSSUSBF.sys
2009-10-23 22:21:54 0 d-----w- c:\program files\common files\Olympus Shared
2009-10-14 21:15:06 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 21:14:34 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 21:14:32 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 21:14:17 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-14 21:14:16 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-10-14 21:14:16 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-14 21:14:16 217088 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-14 21:14:16 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-14 21:13:50 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 21:13:48 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 21:13:44 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-07 18:16:49 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-07 18:16:14 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-07 18:15:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-07 18:15:59 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-09-29 12:40:38 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-29 12:40:38 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-29 12:39:08 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 18:02:30 0 dc----w- C:\perflogs
2009-09-22 00:25:55 0 d-----w- c:\windows\BounceBack
2009-09-09 21:11:21 897608 ------w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 21:11:20 9728 ------w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 21:11:20 27136 ------w- c:\windows\system32\NETSTAT.EXE
2009-09-09 21:11:20 19968 ------w- c:\windows\system32\ARP.EXE
2009-09-09 21:11:20 104960 ------w- c:\windows\system32\netiohlp.dll
2009-09-09 21:11:19 8704 ------w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 21:11:19 17920 ------w- c:\windows\system32\ROUTE.EXE
2009-09-09 21:11:19 17920 ------w- c:\windows\system32\netevent.dll
2009-09-09 21:11:19 11264 ------w- c:\windows\system32\MRINFO.EXE
2009-09-09 21:11:19 10240 ------w- c:\windows\system32\finger.exe
2009-09-09 21:10:46 2501921 ------w- c:\windows\system32\wlan.tmf
2009-09-09 21:10:45 513024 ------w- c:\windows\system32\wlansvc.dll
2009-09-09 21:10:45 302592 ------w- c:\windows\system32\wlansec.dll
2009-09-09 21:10:45 293376 ------w- c:\windows\system32\wlanmsm.dll
2009-09-09 21:10:45 127488 ------w- c:\windows\system32\L2SecHC.dll
2009-09-09 21:10:41 2868224 ------w- c:\windows\system32\mf.dll
2009-09-02 13:24:27 499712 ------w- c:\windows\system32\kerberos.dll
2009-09-02 13:24:27 175104 ------w- c:\windows\system32\wdigest.dll
2009-09-02 13:24:27 1256448 ------w- c:\windows\system32\lsasrv.dll
2009-09-02 13:24:26 9728 ------w- c:\windows\system32\lsass.exe
2009-09-02 13:24:26 72704 ------w- c:\windows\system32\secur32.dll
2009-09-02 13:24:26 439896 ------w- c:\windows\system32\drivers\ksecdd.sys
2009-09-02 13:24:26 270848 ------w- c:\windows\system32\schannel.dll
2009-09-02 13:24:17 28672 ------w- c:\windows\system32\Apphlpdm.dll
2009-09-02 13:24:16 4240384 ------w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:42:52 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 20:22:21 0 d-----w- c:\users\brent\appdata\roaming\eBookPro6
2009-08-11 22:47:56 71680 ------w- c:\windows\system32\atl.dll
2009-08-11 22:47:52 160256 ------w- c:\windows\system32\wkssvc.dll
2009-08-11 22:47:46 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 22:47:46 313344 ------w- c:\windows\system32\wmpdxm.dll
2009-08-11 22:47:45 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-08-11 22:47:45 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 22:47:44 43520 ------w- c:\windows\system32\msdxm.tlb
2009-08-11 22:47:44 18432 ------w- c:\windows\system32\amcompat.tlb
2009-08-11 22:47:40 91136 ------w- c:\windows\system32\avifil32.dll
2009-08-11 22:47:37 2066432 ------w- c:\windows\system32\mstscax.dll
2009-08-03 21:05:05 0 dc----w- C:\GEORGE
2009-07-21 06:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-15 12:02:14 0 d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 12:00:18 0 d-----w- c:\program files\Bonjour
2009-07-15 11:42:57 72704 ------w- c:\windows\system32\fontsub.dll
2009-07-15 11:42:57 289792 ------w- c:\windows\system32\atmfd.dll
2009-07-15 11:42:57 156672 ------w- c:\windows\system32\t2embed.dll
2009-07-15 11:42:57 10240 ------w- c:\windows\system32\dciman32.dll
2009-06-21 21:17:52 255352 ------w- c:\windows\system32\awrdscdc.ax
2009-06-21 21:17:33 0 d-----w- c:\program files\Audible
2009-06-11 20:15:10 636928 ------w- c:\windows\system32\localspl.dll
2009-06-11 20:15:07 784896 ------w- c:\windows\system32\rpcrt4.dll
2009-05-21 18:43:56 0 d-----w- c:\program files\Coupons
2009-05-05 14:00:37 0 d-----w- c:\program files\Microsoft User Agent String Utility
2009-05-04 23:25:00 57344 ------w- c:\windows\system32\MTXSYNCICON.dll
2009-05-04 23:25:00 245760 ------w- c:\windows\system32\MSCLib.dll
2009-05-04 23:25:00 155648 ------w- c:\windows\system32\MSFLib.dll
2009-05-04 23:25:00 15120 ------w- c:\windows\system32\PDINFO.xpd
2009-05-04 23:24:59 40960 ------w- c:\windows\system32\MTTELECHIP.dll
2009-05-04 23:24:59 364544 ------w- c:\windows\system32\MASetupWizard.dll
2009-05-04 23:24:59 24576 ------w- c:\windows\system32\MASetupCleaner.exe
2009-05-04 23:24:58 57344 ------w- c:\windows\system32\MK_Lyric.dll
2009-05-04 23:24:58 49152 ------w- c:\windows\system32\MaJGUILib.dll
2009-05-04 23:24:58 45056 ------w- c:\windows\system32\MaXMLProto.dll
2009-05-04 23:24:58 45056 ------w- c:\windows\system32\MACXMLProto.dll
2009-05-04 23:24:58 3262 ------w- c:\windows\system32\MPXBox.ico
2009-05-04 23:24:58 106609 ------w- c:\windows\system32\MaJUtilLib.dll
2009-05-04 23:24:46 397429 ------w- c:\windows\system32\PixtreeMP4FormatWriter.ax
2009-05-04 23:19:47 0 d-----w- c:\program files\Amazon
2009-04-24 08:17:43 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-23 19:09:40 31936 ------w- c:\windows\system32\BBUninstall.exe
2009-04-23 19:09:04 0 d-----w- c:\program files\CMS Products
2009-04-22 14:28:54 0 d-----w- c:\users\brent\appdata\roaming\CrystalButton
2009-04-02 01:26:48 0 d-----w- c:\program files\Fast Browser SearchP
2009-03-30 23:16:58 0 d-----w- c:\program files\Lame for Audacity
2009-03-30 23:03:06 0 d-----w- c:\program files\DivX
2009-03-30 23:03:01 0 d-----w- c:\program files\common files\DivX Shared
2009-03-28 18:42:33 0 d-----w- c:\users\brent\appdata\roaming\LinkedIn
2009-03-28 18:42:10 0 d-----w- c:\program files\LinkedIn
2009-03-16 19:38:59 0 d-----w- c:\program files\GoldWave
2009-03-16 01:49:20 87608 ------w- c:\users\brent\appdata\roaming\inst.exe
2009-03-16 01:49:20 47360 ------w- c:\windows\system32\drivers\pcouffin.sys
2009-03-16 01:49:20 47360 ------w- c:\users\brent\appdata\roaming\pcouffin.sys
2009-03-16 01:49:10 0 d-----w- c:\program files\DVDFab 5
2009-03-13 21:40:44 0 ------w- c:\windows\pcfriend.INI
2009-03-10 22:21:32 103744 ------w- c:\windows\system32\drivers\AnyDVD.sys
2009-03-03 19:19:32 0 d-----w- c:\program files\Audacity
2009-03-01 23:05:26 67 ------w- c:\windows\swupdate.INI
2009-02-27 02:54:45 0 d-----w- c:\program files\Photodex
2009-02-27 02:53:32 0 d-----w- c:\users\brent\appdata\roaming\Photodex
2009-02-24 19:34:16 90112 ------w- c:\windows\system32\dpl100.dll
2009-02-24 19:34:14 823296 ------w- c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34:14 823296 ------w- c:\windows\system32\divx_xx07.dll
2009-02-24 19:34:14 815104 ------w- c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34:14 802816 ------w- c:\windows\system32\divx_xx11.dll
2009-02-24 19:34:14 684032 ------w- c:\windows\system32\DivX.dll
2009-02-19 22:49:02 83448 ----a-w- c:\windows\system32\CddbLangJA.dll
2009-02-19 22:49:02 808440 ----a-w- c:\windows\system32\CDDBUI.dll
2009-02-19 22:49:02 796152 ----a-w- c:\windows\system32\CDDBControl.dll
2009-02-19 22:49:02 108024 ----a-w- c:\windows\system32\CddbLangIT.dll
2009-02-19 22:49:02 103928 ----a-w- c:\windows\system32\CddbLangNL.dll
2009-02-19 22:49:02 103928 ----a-w- c:\windows\system32\CddbLangFR.dll
2009-02-19 22:49:02 103928 ----a-w- c:\windows\system32\CddbLangES.dll
2009-02-19 22:49:02 103928 ----a-w- c:\windows\system32\CddbLangDE.dll
2009-02-17 23:54:24 0 d-----w- c:\users\brent\appdata\roaming\SlideRocketPlayer.62C1F915F5A6BA2BA0761B85080AA90D2A2F76E2.1
2009-02-17 17:11:30 24232 ------w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33:14 89256 ------w- c:\windows\system32\ElbyCDIO.dll
2009-02-16 20:50:48 0 d-----w- c:\program files\DVD Ripper Wizard
2009-02-16 20:00:23 0 d-----w- c:\program files\Movavi Video Converter 7
2009-02-15 22:05:01 0 d-----w- c:\program files\Xvid
2009-02-15 13:35:26 0 d-----w- c:\users\brent\appdata\roaming\HandBrake
2009-02-15 02:05:11 0 d-----w- c:\programdata\SlySoft
2009-02-15 02:01:02 0 d-----w- c:\program files\SlySoft
2009-02-14 23:26:01 0 d-----w- c:\program files\HandBrake
2009-02-05 02:15:52 0 ------w- c:\windows\Dssole.INI
2009-02-05 02:15:23 0 d-----w- c:\program files\Olympus
2009-02-05 02:08:17 73728 ----a-w- c:\windows\system32\DSXUSB.dll
2009-02-05 02:08:17 39635 ----a-w- c:\windows\system32\drivers\DSXUSB.sys
2009-02-02 22:48:20 0 d-----w- c:\users\brent\appdata\roaming\PeerNetworking
2009-02-02 15:41:02 0 d-----w- c:\program files\iLinc
2009-01-14 17:36:57 410984 ------w- c:\windows\system32\deploytk.dll
2009-01-14 15:44:09 288768 ------w- c:\windows\system32\drivers\srv.sys
2009-01-14 01:39:10 0 d-----w- c:\programdata\WindowsSearch
2009-01-12 03:30:49 0 d-----w- c:\program files\Easy Screen Capture And Annotation
2009-01-02 20:03:16 0 d-----w- c:\programdata\WinZip
2008-12-30 22:39:16 16384 ------w- c:\windows\system32\drivers\vad.sys
2008-12-30 22:39:12 0 d-----w- c:\program files\Acoolsoft
2008-12-29 19:41:41 0 d-----w- c:\program files\Trend Micro
2008-12-29 02:25:24 178688 ----a-w- c:\windows\msa.exe
2008-12-29 02:25:13 229888 ----a-w- c:\windows\system32\sshnas.dll
2008-12-28 17:45:57 0 d-----w- c:\program files\MIDI Workplace
2008-12-26 03:27:51 177 -c----w- C:\test.rtf
2008-12-26 03:27:20 177664 ------w- c:\windows\cbuninstall.exe
2008-12-24 14:50:01 97800 ------w- c:\windows\system32\infocardapi.dll
2008-12-24 14:50:00 105016 ------w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-12-24 14:49:59 622080 ------w- c:\windows\system32\icardagt.exe
2008-12-24 14:49:59 43544 ------w- c:\windows\system32\PresentationHostProxy.dll
2008-12-24 14:49:59 37384 ------w- c:\windows\system32\infocardcpl.cpl
2008-12-24 14:49:59 11264 ------w- c:\windows\system32\icardres.dll
2008-12-24 14:49:57 781344 ------w- c:\windows\system32\PresentationNative_v0300.dll
2008-12-24 14:49:54 326160 ------w- c:\windows\system32\PresentationHost.exe
2008-12-24 14:40:23 96760 ------w- c:\windows\system32\dfshim.dll
2008-12-24 14:40:20 282112 ------w- c:\windows\system32\mscoree.dll
2008-12-24 14:40:17 41984 ------w- c:\windows\system32\netfxperf.dll
2008-12-24 14:39:51 158720 ------w- c:\windows\system32\mscorier.dll
2008-12-24 14:39:45 83968 ------w- c:\windows\system32\mscories.dll
2008-12-24 14:33:56 0 dc-h--r- C:\AHCache
2008-12-22 22:17:03 0 d-----w- c:\users\brent\appdata\roaming\Conferendum
2008-12-21 16:11:29 0 d-----w- c:\users\brent\appdata\roaming\Dimdim
2008-12-21 16:11:07 0 d-----w- c:\program files\Dimdim
2008-12-21 03:02:49 0 d-----w- c:\program files\DemoForge
2008-12-21 03:01:20 0 d--h--w- c:\program files\Zero G Registry
2008-12-21 02:51:59 0 d--h--w- c:\users\brent\InstallAnywhere
2008-12-12 16:18:16 87336 ------w- c:\windows\system32\dns-sd.exe
2008-12-12 16:11:46 61440 ------w- c:\windows\system32\dnssd.dll
2008-12-10 13:52:44 0 d-----w- c:\users\brent\appdata\roaming\Easy Web Builder
2008-12-09 19:59:24 2927104 ------w- c:\windows\explorer.exe
2008-12-09 19:59:12 296960 ------w- c:\windows\system32\gdi32.dll
2008-12-09 19:57:42 996352 ------w- c:\windows\system32\WMNetMgr.dll
2008-12-09 19:57:41 94720 ------w- c:\windows\system32\logagent.exe
2008-12-09 15:02:49 0 d-----w- c:\programdata\LogiShrd
2008-12-09 15:02:25 0 ---h--w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-09 15:02:25 0 ---h--w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-12-09 15:01:48 301656 ------w- c:\windows\system32\BtCoreIf.dll
2008-12-09 15:01:44 84496 ------w- c:\windows\system32\KemXML.dll
2008-12-09 15:01:44 170512 ------w- c:\windows\system32\kemutb.dll
2008-12-09 15:01:44 145936 ------w- c:\windows\system32\KemUtil.dll
2008-12-09 15:01:44 117264 ------w- c:\windows\system32\KemWnd.dll
2008-12-09 15:01:16 0 d-----w- c:\programdata\Logitech

==================== Find3M ====================

2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-15 13:48:47 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-15 13:48:47 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-29 12:31:56 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-29 12:31:56 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-29 12:31:56 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-08-24 12:16:12 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-03-17 03:38:46 13824 ------w- c:\windows\system32\apilogen.dll
2009-03-17 03:38:44 24064 ------w- c:\windows\system32\amxread.dll
2009-03-03 04:40:16 499200 ------w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-03-03 04:40:16 129024 ------w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-03-03 04:39:36 183296 ------w- c:\windows\system32\sdohlp.dll
2009-03-03 04:39:32 551424 ------w- c:\windows\system32\rpcss.dll
2009-03-03 04:39:22 26112 ------w- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37:11 98304 ------w- c:\windows\system32\iasrecst.dll
2009-03-03 04:37:11 54784 ------w- c:\windows\system32\iasads.dll
2009-03-03 04:37:11 44032 ------w- c:\windows\system32\iasdatastore.dll
2009-03-03 04:36:24 615424 ------w- c:\windows\system32\wbem\fastprox.dll
2009-03-03 03:04:59 666624 ------w- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38:13 17408 ------w- c:\windows\system32\iashost.exe
2009-03-03 02:16:04 247296 ------w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-01-04 14:33:20 89481760 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-01-04 04:15:58 1201388 --sha-w- c:\windows\system32\drivers\fidbox.idx
2008-12-23 15:29:38 630412 ------w- c:\windows\fonts\Base05_1.ttf
2008-12-23 15:29:38 630412 ------w- c:\windows\fonts\Base05_0.ttf
2008-12-23 15:29:38 630412 ------w- c:\windows\fonts\Base05.ttf
2008-11-10 17:41:34 32656 ----a-w- c:\windows\system32\msonpmon.dll
2008-10-22 03:57:30 241152 ------w- c:\windows\system32\PortableDeviceApi.dll
2008-10-21 05:25:17 1645568 ------w- c:\windows\system32\connect.dll
2008-10-10 20:46:26 69632 ------w- c:\windows\KHALMNPR.Exe
2008-08-24 21:01:06 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sh--w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ------w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ------w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ------w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ------w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ------w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ------w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ------w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ------w- c:\windows\inf\perflib\0000\perfc.dat
2008-08-23 06:24:14 14 --sh--r- c:\windows\system32\drivers\fbd.sys
2008-08-23 06:24:14 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 8:38:24.71 ===============

bflat
2010-01-04, 16:42
Attach.txt report:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/28/2008 11:14:24 AM
System Uptime: 1/4/2009 8:23:18 AM (0 hours ago)

Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | CPU | 1867/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 148 GiB total, 44.433 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acoolsoft PPT2Video Converter 2.0.0.56 Trial
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.3 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe ConnectNow
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop Elements 5.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Amazon MP3 Downloader 1.0.3
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Audacity 1.2.6
AudibleManager
AutoUpdate
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Batch Update
Bible Data Type System Files
Bonjour
BounceBack Express
Brother HL-4040CN
Brother MFL-Pro Suite
BufferChm
Camera Assistant Software for Toshiba
CamStudio
CD/DVD Drive Acoustic Silencer
CDDRV_Installer
Common System Files
Compatibility Pack for the 2007 Office system
Connect
Constant Contact QuickImport v2 for Outlook
Coupon Printer for Windows
Defender Pro Internet Security
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DivX Version Checker
Drive Manager
DVD MovieFactory for TOSHIBA
DVD Ripper Wizard
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
Easy Screen Capture And Annotation 2.3.0.0
Easy Web Builder
ERUNT 1.1j
eSupportQFolder
Fast Browser Search Protection
FormViewer
FranklinCovey PlanPlus for Microsoft Outlook
FranklinCovey PlanPlus for Windows
GearDrvs
GoldWave v5.25
Google Desktop
Google Toolbar for Internet Explorer
GoToMeeting 4.1.0.366
Graphical Query Editor
HandBrake 0.9.3
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 9.0
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
iLinc Client
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Explorer Developer Toolbar
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 3
KhalInstallWrapper
kuler
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
LibronixUpdate
LinkedIn Outlook Toolbar
LLS Resource Driver
Logitech SetPoint
Memeo AutoBackup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 SDK - ENU
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XML Parser
Mirage Driver 1.1
MobileMe Control Panel
Movavi Video Converter 7
Move Media Player
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
Notepad++
OEB Resource Driver
Olympus DSS Player
PDF Image Printer 7.0
PDF Resource Driver
PDF Settings CS4
PeaZip 2.7.1
Photo Story 3 for Windows
Photoshop Camera Raw
Pixel Bender Toolkit
QuickBooks Financial Center
QuickTime
RCA easyRip 2.1.7.0
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RegCure 1.5.1.3
Safari
Samsung Media Studio
Screencaster Plug-in for IE
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Windows Media Encoder (KB954156)
Sentence Diagramming
SolutionCenter
Spybot - Search & Destroy
Status
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
The Logo Creator v5.2
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb976884)
User Agent String Utility
VC80CRTRedist - 8.0.50727.762
Vegas Pro 9.0
VideoWebWizard 2.0
Windows Media Encoder 9 Series
Xvid 1.2.1 final uninstall
YPOPs! 0.9.5.9

==== End Of File ===========================

Shaba
2010-01-05, 06:41
Please also uninstall this:

Coupon Printer for Windows

Delete this file:

C:\Windows\msa.exe

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

bflat
2010-01-06, 04:44
Hello. Coupon Printer for Windows deleted per instructions. Attached below is the Kaspersky report per request. New HJT log to follow:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, January 5, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, January 05, 2010 20:14:06
Records in database: 3344026
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 297785
Threats found: 6
Infected objects found: 11
Suspicious objects found: 0
Scan duration: 05:35:27


File name / Threat / Threats count
C:\Windows\msa.exe/C:\Windows\msa.exe Infected: Packed.Win32.Krap.ag 1
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KA08V57\9udisnO0if2FKbbnkfyyarEMcbj1[2].htm Infected: Trojan-Clicker.JS.Iframe.di 1
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7QZ0T8V\9udisnO0if2FKbbnkfyyarEMcbj1[1].htm Infected: Trojan-Clicker.JS.Iframe.di 1
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7QZ0T8V\GVOCo0PUgOBgKCKSoC9wDEeseoFJ[1].htm Infected: Trojan-Clicker.JS.Iframe.de 1
C:\Users\Brent\AppData\Local\Temp\a.exe Infected: Trojan.Win32.FraudPack.ajhq 1
C:\Users\Brent\AppData\Local\Temp\b.exe Infected: Packed.Win32.Krap.ag 1
C:\Users\Brent\AppData\Local\Temp\nsi68B3.tmp.exe Infected: not-a-virus:AdWare.Win32.Shopper.ax 1
C:\Users\Brent\AppData\Local\Temp\nsn1862.tmp.exe Infected: not-a-virus:AdWare.Win32.Shopper.ax 1
C:\Users\Brent\AppData\Local\Temp\nsnC66C.tmp.exe Infected: not-a-virus:AdWare.Win32.Shopper.ax 1
C:\Windows\msa.exe Infected: Packed.Win32.Krap.ag 1
C:\Windows\System32\sshnas.dll Infected: Trojan.Win32.FraudPack.ajhv 1

Selected area has been scanned.

bflat
2010-01-06, 04:45
Below is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:39 PM, on 1/5/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
c:\TOSHIBA\IVP\swupdate\TaisSoftIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\msa.exe
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IC1068SO\HijackThis[1].exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 2861 bytes

Shaba
2010-01-06, 09:18
HijackThis is now running from a temp folder and the log is incomplete.

Please install HijackThis to a permanent folder and rerun the scan :)

bflat
2010-01-06, 18:45
Hopefully this is complete:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:57 AM, on 1/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\msa.exe
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [B1RQJ7YJ0U] C:\Windows\msa.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} (ILINCInstall102 Class) - https://content10.ilinc.com/download/AXCltInstall.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DA25EE3A-530B-4494-AA8A-AA52557E37B6} (LinkedIn Signature Control) - http://www.linkedin.com/cab/LinkedInSignatureControl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll,C:\PROGRA~1\DEFEND~1\DEFEND~1.0\r3hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Defender Pro Internet Security (AVP) - Defender Pro - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14693 bytes
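
Added example (not part of the original thread and not HijackThis code): a Python check for the two things read off the logs by hand above, namely whether HijackThis was launched from a temp or browser-cache folder and produced only O23 lines, and whether files flagged in the Kaspersky report are running or registered as autostart entries. The two log excerpts are abbreviated from the logs posted in this thread; the function names, the temp-path markers and the "only O23" heuristic are assumptions of this example.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any host OS

# Assumption of this example: path fragments meaning "launched from temp/cache".
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|]*?\.(?:exe|dll)", re.IGNORECASE)
# Sections that load code at boot or logon: BHO, Run/Startup, AppInit_DLLs, services.
AUTOSTART_CODES = {"O2", "O4", "O20", "O23"}

# Excerpt of the log posted 2010-01-06 04:45 (abbreviated).
LOG_FROM_TEMP = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\msa.exe
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IC1068SO\HijackThis[1].exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
--
End of file - 2861 bytes
"""

# Excerpt of the log posted 2010-01-06 18:45 (abbreviated).
LOG_INSTALLED = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\msa.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [B1RQJ7YJ0U] C:\Windows\msa.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
"""

# Two of the paths the Kaspersky report in this thread marked as infected.
FLAGGED = [r"C:\Windows\msa.exe", r"C:\Windows\System32\sshnas.dll"]


def _norm(path):
    """Case-fold and unquote a Windows path so comparisons ignore case."""
    return normcase(path.strip().strip('"'))


def parse_hjt(text):
    """Return (running process paths, [(section code, entry body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first entry line
            entries.append((match.group(1), match.group(2)))
        elif in_procs and re.match(r"[A-Za-z]:\\", line):
            processes.append(line)
    return processes, entries


def review(text, flagged_paths=()):
    """Summarise log quality and where scanner-flagged files show up."""
    processes, entries = parse_hjt(text)
    flagged = {_norm(p) for p in flagged_paths}
    autostart = [
        (code, body)
        for code, body in entries
        if code in AUTOSTART_CODES
        and any(_norm(p) in flagged for p in PATH_RE.findall(body))
    ]
    return {
        # HijackThis itself running out of a temp or browser-cache folder
        "tool_in_temp": [
            p for p in processes
            if "hijackthis" in p.lower()
            and any(marker in p.lower() for marker in TEMP_MARKERS)
        ],
        # Heuristic: no R/F/N/O1-O22 lines at all suggests a truncated log
        "only_services": all(code == "O23" for code, _ in entries),
        "flagged_running": [p for p in processes if _norm(p) in flagged],
        "flagged_autostart": autostart,
    }


if __name__ == "__main__":
    for name, log in (("temp run", LOG_FROM_TEMP), ("installed", LOG_INSTALLED)):
        print(name, review(log, FLAGGED))
```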

Shaba
2010-01-06, 19:18
Download OTMoveIt (http://oldtimer.geekstogo.com/OTM.exe) by Old Timer and save it to your Desktop.
Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
Copy the lines in the codebox below.


:files
C:\Windows\msa.exe
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KA08V57\9udisnO0if2FKbbnkfyyarEMcbj1[2].htm I
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7QZ0T8V\9udisnO0if2FKbbnkfyyarEMcbj1[1].htm
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7QZ0T8V\GVOCo0PUgOBgKCKSoC9wDEeseoFJ[1].htm
C:\Users\Brent\AppData\Local\Temp\a.exe
C:\Users\Brent\AppData\Local\Temp\b.exe
C:\Users\Brent\AppData\Local\Temp\nsi68B3.tmp.exe
C:\Users\Brent\AppData\Local\Temp\nsn1862.tmp.exe
C:\Users\Brent\AppData\Local\Temp\nsnC66C.tmp.exe
C:\Windows\System32\sshnas.dll
[EmptyTemp]

Return to OTMoveIt, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

bflat
2010-01-07, 02:24
Attached is the log from OTM:

All processes killed
========== FILES ==========
C:\Windows\msa.exe moved successfully.
File/Folder C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KA08V57\9udisnO0if2FKbbnkfyyarEMcbj1[2].htm I not found.
File/Folder C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7QZ0T8V\9udisnO0if2FKbbnkfyyarEMcbj1[1].htm not found.
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7QZ0T8V\GVOCo0PUgOBgKCKSoC9wDEeseoFJ[1].htm moved successfully.
C:\Users\Brent\AppData\Local\Temp\a.exe moved successfully.
C:\Users\Brent\AppData\Local\Temp\b.exe moved successfully.
C:\Users\Brent\AppData\Local\Temp\nsi68B3.tmp.exe moved successfully.
C:\Users\Brent\AppData\Local\Temp\nsn1862.tmp.exe moved successfully.
C:\Users\Brent\AppData\Local\Temp\nsnC66C.tmp.exe moved successfully.
C:\Windows\System32\sshnas.dll moved successfully.
File/Folder [EmptyTemp] not found.

OTM by OldTimer - Version 3.1.4.0 log created on 01062009_180826

Shaba
2010-01-07, 13:30
Good :)

Please post a fresh HijackThis log as well.

bflat
2010-01-07, 17:48
Attached is a fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:57 AM, on 1/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\msa.exe
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [B1RQJ7YJ0U] C:\Windows\msa.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} (ILINCInstall102 Class) - https://content10.ilinc.com/download/AXCltInstall.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DA25EE3A-530B-4494-AA8A-AA52557E37B6} (LinkedIn Signature Control) - http://www.linkedin.com/cab/LinkedInSignatureControl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll,C:\PROGRA~1\DEFEND~1\DEFEND~1.0\r3hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Defender Pro Internet Security (AVP) - Defender Pro - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14693 bytes

Shaba
2010-01-07, 20:26
That looks to be from yesterday.

Please rescan with hijackthis and post a fresh HijackThis log.

bflat
2010-01-07, 23:51
That was strange. When I ran it again, the same thing occurred. I had to uninstall and reinstall. Below is the current log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:08 PM, on 1/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
C:\Windows\Explorer.EXE
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [B1RQJ7YJ0U] C:\Windows\msa.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} (ILINCInstall102 Class) - https://content10.ilinc.com/download/AXCltInstall.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DA25EE3A-530B-4494-AA8A-AA52557E37B6} (LinkedIn Signature Control) - http://www.linkedin.com/cab/LinkedInSignatureControl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll,C:\PROGRA~1\DEFEND~1\DEFEND~1.0\r3hook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Defender Pro Internet Security (AVP) - Defender Pro - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14639 bytes
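
Added example (not part of the thread, and not code from HijackThis or its vendor): a small parser that compares an earlier and a fresh HijackThis log, which is what the "post a fresh log" step above is for. The two sample logs are constructed excerpts in the format of the logs posted here, the `ExampleUpdater` entry is hypothetical, and `parse_hjt`, `diff_logs` and `missing_files` are names chosen for this example.

```python
import re

# A coded HijackThis entry looks like "O4 - HKCU\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return the running-process list and the coded entries of one log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line closes the process list
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2).strip()))
        elif in_processes:
            processes.append(line)
        # Header lines, "--" and "End of file" match nothing and are skipped.
    return {"processes": processes, "entries": entries}


def _only_in(first, second, key):
    """Items of `first` whose key does not occur in `second`, order kept."""
    seen = {key(item) for item in second}
    return [item for item in first if key(item) not in seen]


def diff_logs(old_text, new_text):
    """Compare two logs; Windows paths are compared case-insensitively."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    proc_key = str.lower
    entry_key = lambda e: (e[0], e[1].lower())
    return {
        "processes_added": _only_in(new["processes"], old["processes"], proc_key),
        "processes_removed": _only_in(old["processes"], new["processes"], proc_key),
        "entries_added": _only_in(new["entries"], old["entries"], entry_key),
        "entries_removed": _only_in(old["entries"], new["entries"], entry_key),
    }


def missing_files(entries):
    """Entries HijackThis itself marked as pointing at a missing file."""
    return [e for e in entries if e[1].lower().endswith("(file missing)")]


# Constructed sample logs (shortened; ExampleUpdater is a made-up entry).
OLD_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ExampleUpdater] C:\Example\updater.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

--
End of file - 0 bytes
"""

NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

--
End of file - 0 bytes
"""

if __name__ == "__main__":
    for section, items in diff_logs(OLD_LOG, NEW_LOG).items():
        print(section, items)
    print("file missing:", missing_files(parse_hjt(NEW_LOG)["entries"]))
```

A diff only shows what changed between two scans; whether a changed entry is wanted still has to be judged by the person reading the log.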

Shaba
2010-01-08, 19:07
OK that is fine now :)

Still issues left?

bflat
2010-01-09, 19:57
No, that has fixed it. Thank you Shaba! Very much appreciated.

Shaba
2010-01-10, 11:19
Good :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date - Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)

Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:
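
Added example (not part of the post): a check of the six Internet-zone settings from the Internet Explorer steps above against a saved `reg query` export of `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`. The sample export is constructed, the function names are chosen for this example, and treating a stricter-than-listed value as acceptable is an assumption of the example rather than something the post states.

```python
import re

# URL-action policy values used by Internet Explorer security zones.
LABELS = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Action IDs of the six settings named in the steps above, with the value
# the steps ask for in the Internet zone (zone 3).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}

# One value line of `reg query` output: "    1001    REG_DWORD    0x1"
VALUE_RE = re.compile(r"^\s*([0-9A-Fa-f]{4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")


def parse_reg_query(output):
    """Map action ID -> integer value for every REG_DWORD line in the export."""
    values = {}
    for line in output.splitlines():
        match = VALUE_RE.match(line)
        if match:
            values[match.group(1).upper()] = int(match.group(2), 16)
    return values


def audit_internet_zone(output):
    """Return (id, setting, wanted, actual) for each setting that is absent
    from the export, unrecognised, or weaker than the steps ask for."""
    values = parse_reg_query(output)
    findings = []
    for action, (name, wanted) in RECOMMENDED.items():
        actual = values.get(action)
        if actual is None:
            # Not present in this export, so nothing can be confirmed here.
            findings.append((action, name, LABELS[wanted], None))
        elif actual not in LABELS:
            findings.append((action, name, LABELS[wanted], hex(actual)))
        elif actual < wanted:
            # 0 < 1 < 3 orders Enable < Prompt < Disable by strictness.
            # Assumption of this example: a stricter value is acceptable.
            findings.append((action, name, LABELS[wanted], LABELS[actual]))
    return findings


# Constructed sample export: 1004 is weaker than asked, 1607 is absent,
# 1804 is stricter than asked and therefore not reported.
SAMPLE_EXPORT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x0
    1201    REG_DWORD    0x3
    1800    REG_DWORD    0x1
    1804    REG_DWORD    0x3
"""

if __name__ == "__main__":
    for action, name, wanted, actual in audit_internet_zone(SAMPLE_EXPORT):
        print(f"{action} {name}: want {wanted}, found {actual}")
```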

Shaba
2010-01-30, 08:33
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.