Author Topic: not sure if laptop got infected.  (Read 1494 times)

Offline asquare

not sure if laptop got infected.
« on: October 22, 2009, 10:57:53 PM »
Hi All,
Was trying to install a downloaded CAD software to train myself. Ended up activating a trojan. Note to self: never use downloaded software.
trojan horse generic 14.CDAE

Successfully moved it to the AVG vault but I keep getting virus threat alerts. Not sure if my system is affected. I am currently running Trend Micro and AVG scans to post more info.

But I have run HijackThis and I am posting this log. Please help.

asquare


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:38 PM, on 10/22/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG\AVG8\avgui.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\msa.exe
C:\Users\user\AppData\Local\Temp\b.exe
C:\Users\user\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF Viewer\Win32\PDFXCviewIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON NX100 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDA.EXE /FU "C:\Users\user\AppData\Local\Temp\E_SCFED.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PopRock] C:\Users\user\AppData\Local\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1ca3f2a1954b85d) (gupdate1ca3f2a1954b85d) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15618 bytes
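As an added illustration (not part of the thread, and not HijackThis or OTS code), the check a helper applies by eye to a log like the one above can be written down: a small Python triage script that parses the running-process list, the O4 Run entries and the O2 BHOs, and flags executables living in a Temp folder or directly in C:\Windows, plus BHOs whose DLL is gone. It runs over a few lines copied from the posted log; the flagging rules are my own heuristics.

```python
import re
from typing import Optional

# Constructed sample: a handful of lines copied from the HijackThis log in the
# first post (the two entries the helper later targeted, plus benign ones for
# contrast). The flagging rules are my own triage heuristics, not HijackThis logic.
SAMPLE_LOG = r"""Running processes:
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\msa.exe
C:\Users\user\AppData\Local\Temp\b.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PopRock] C:\Users\user\AppData\Local\Temp\b.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<file>.*)$")
# First drive-letter path ending in .exe, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.exe)', re.IGNORECASE)
# An .exe sitting directly in the Windows directory, not in a subfolder.
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$")


def exe_path(cmd: str) -> Optional[str]:
    """Pull the executable path out of an autorun command line."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else None


def suspicious_path(path: str) -> Optional[str]:
    """Return a reason string if the path is one legitimate software rarely uses."""
    p = path.lower()
    if "\\temp\\" in p:
        return "executable running from a Temp directory"
    if WINDIR_ROOT_RE.match(p):
        return "executable placed directly in the Windows directory"
    return None


def parse_hjt(text: str) -> list:
    """Extract running processes, O4 Run entries and O2 BHOs from an HJT log."""
    entries = []
    in_procs = False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # a blank line ends the process section
                in_procs = False
                continue
            entries.append({"kind": "process", "name": line.rsplit("\\", 1)[-1],
                            "path": line, "raw": line})
            continue
        m = O4_RE.match(line)
        if m:
            entries.append({"kind": "O4", "name": m.group("name"),
                            "path": exe_path(m.group("cmd")), "raw": line})
            continue
        m = O2_RE.match(line)
        if m:
            entries.append({"kind": "O2", "name": m.group("name"),
                            "path": m.group("file"), "raw": line})
    return entries


def triage(text: str) -> list:
    """Return (raw_line, reason) pairs that deserve a closer look."""
    findings = []
    for e in parse_hjt(text):
        if e["kind"] == "O2" and e["path"] == "(no file)":
            findings.append((e["raw"], "BHO registered but its DLL is missing (orphaned entry)"))
            continue
        if e["path"]:
            reason = suspicious_path(e["path"])
            if reason:
                findings.append((e["raw"], reason))
    return findings


if __name__ == "__main__":
    for raw, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {raw}")
```

On the sample it flags exactly the four items the helper's fix and the later MBAM run dealt with: msa.exe in C:\Windows, b.exe in the user's Temp folder (both as a running process and as the PopRock Run entry), and the nameless BHO with no file behind it.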

Offline guestolo

not sure if laptop got infected.
« Reply #1 on: October 22, 2009, 11:08:08 PM »
Download OTS.exe to your Desktop.
  • Close ALL OTHER PROGRAMS.
  • Right-click on OTS.exe and choose to "Run As Administrator", then let it Run
  • Check the box that says 64 bit
  • Under Additional Scans click "Extras".
  • Do not change any other settings.
  • Now click the Run Scan button on the left side of the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here.
« Last Edit: October 22, 2009, 11:08:29 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

not sure if laptop got infected.
« Reply #2 on: October 23, 2009, 08:06:08 AM »
Not seeing anything in your last reply.
Are you having problems posting the log?



Offline asquare

not sure if laptop got infected.
« Reply #3 on: October 23, 2009, 03:46:58 PM »
« Last Edit: October 24, 2009, 04:31:25 PM by guestolo »

Offline guestolo

not sure if laptop got infected.
« Reply #4 on: October 24, 2009, 01:24:49 PM »
Can you temporarily disable Windows Defender real-time protection, so it won't interfere with the next steps?

Click Start >> All Programs, and then click Windows Defender.
Click Tools, and then click Options.
Under Administrator options, select or clear the Use Windows Defender check box, and then click Save. Administrator permission required: if you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Afterwards:
Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste Fix Here" and then click the green Run Fix button.
Code:
[Processes - Safe List]
NY -> b.exe -> C:\Users\user\AppData\Local\Temp\b.exe
NY -> b.exe -> C:\Users\user\AppData\Local\Temp\b.exe
[Registry - Safe List]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NY -> "PopRock" -> C:\Users\user\AppData\Local\Temp\b.exe [C:\Users\user\AppData\Local\Temp\b.exe]
[Files/Folders - Modified Within 30 Days]
NY -> {BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
NY -> {7B02EF0B-A410-4938-8480-9BA26420A627}.job -> C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
NY -> msa.exe -> C:\Windows\msa.exe
:Commands
[EmptyTemp]
[Reboot]
The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS.exe will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that information back here.

In addition:
Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Include both the MBAM report and the fix log from OTS.exe please.



Offline asquare

not sure if laptop got infected.
« Reply #5 on: October 24, 2009, 03:02:11 PM »

Offline asquare

not sure if laptop got infected.
« Reply #6 on: October 24, 2009, 03:09:30 PM »
It appears I am not able to post a lot of info in the message body, so I am attaching the files one by one here.

Edit>> No need to attach the MBAM log, I'll post it here. The forum is having a problem with OTS code tags, I've removed them.

Malwarebytes' Anti-Malware 1.41
Database version: 3027
Windows 6.0.6002 Service Pack 2

10/24/2009 3:19:30 PM
mbam-log-2009-10-24 (15-19-30).txt

Scan type: Quick Scan
Objects scanned: 93020
Time elapsed: 9 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\user\AppData\Local\Temp\a.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

OTS logfile created on: 10/24/2009 3:51:59 PM - Run 4
OTS by OldTimer - Version 3.0.23.1     Folder = C:\Users\user\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 30.13% Memory free
4.00 Gb Paging File | 2.39 Gb Available in Paging File | 59.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.74 Gb Total Space | 143.98 Gb Free Space | 64.93% Space Free | Partition Type: NTFS
Drive D: | 11.14 Gb Total Space | 1.86 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
| 00,246,272 | ---- | M] (IDT, Inc.)64bit-(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/20 22:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation)64bit-(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation)(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.)(avg8emc) AVG Free8 E-mail Scanner [Win32_Own | Auto | Running] -> C:\Program Files (x86)\AVG\AVG8\avgemc.exe -> [2009/09/25 21:47:54 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -> [2009/09/25 21:47:50 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/03/30 00:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation)(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/03/30 00:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation)(Com4QLBEx) Com4QLBEx [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -> [2008/02/07 14:23:34 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.)(ehRecvr) Windows Media Center Receiver Service 
[Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation)(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation)(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 11:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation)(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2009/02/18 14:40:04 | 00,042,840 | ---- | M] (Microsoft Corporation)(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -> [2007/12/04 20:41:34 | 00,181,784 | ---- | M] (WildTangent, Inc.)(gupdate1ca3f2a1954b85d) Google Update Service (gupdate1ca3f2a1954b85d) [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -> [2009/09/27 00:21:00 | 00,133,104 | ---- | M] (Google Inc.)(gusvc) Google Software Updater [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/09/26 08:10:52 | 00,182,768 | ---- | M] (Google)(HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2008/06/16 11:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard)(hpqwmiex) hpqwmiex [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -> [2008/01/25 21:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.)(IAANTMON) Intel® Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> [2008/04/15 
20:54:42 | 00,354,840 | ---- | M] (Intel Corporation)(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2009/02/18 14:39:11 | 00,857,432 | ---- | M] (Microsoft Corporation)(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/10/22 22:14:12 | 01,170,768 | ---- | M] (Lavasoft)(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -> [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation)(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2006/11/02 09:34:14 | 00,000,000 | ---D | M](odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation)(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)(QPCapSvc) QuickPlay Background Capture Service (QBCS) [Win32_Own | Auto | Running] -> C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -> [2008/04/24 02:51:58 | 00,292,232 | ---- | M] ()(QPSched) QuickPlay Task Scheduler (QTS) [Win32_Own | Auto | Running] -> C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe -> [2008/04/24 02:52:06 | 00,112,008 | ---- | M] ()(RapiMgr) Windows Mobile-based device connectivity 
[Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\rapimgr.dll -> [2008/01/20 22:47:00 | 00,211,968 | ---- | M] (Microsoft Corporation)(Recovery Service for Windows) Recovery Service for Windows [Win32_Own | Auto | Running] -> C:\Windows\SMINST\BLService.exe -> [2008/03/26 18:26:56 | 00,341,328 | ---- | M] ()(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -> [2007/01/09 05:25:00 | 00,272,024 | ---- | M] ()(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.)(SolidWorks Licensing Service) SolidWorks Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -> [2009/10/20 23:49:45 | 00,079,360 | ---- | M] (SolidWorks)(vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2006/11/02 02:35:15 | 00,060,994 | ---- | M] ()(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vss.mof -> [2006/11/02 02:35:15 | 00,055,846 | ---- | M] ()(WcesComm) Windows Mobile 2003-based device connectivity [Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\wcescomm.dll -> [2008/01/20 22:47:00 | 00,428,544 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List]64bit-(Accelerometer) HP Accelerometer [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Accelerometer.sys -> [2008/03/27 15:10:14 | 00,040,296 | ---- | M] (Hewlett-Packard Corporation)64bit-(AvgLdx64) AVG Free AVI Loader Driver x64 [Kernel | System | Running] -> 
C:\Windows\SysNative\Drivers\avgldx64.sys -> [2009/09/25 21:49:36 | 00,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.)64bit-(AvgMfx64) AVG Free On-access Scanner Minifilter Driver x64 [File_System | System | Running] -> C:\Windows\SysNative\Drivers\avgmfx64.sys -> [2009/09/25 21:49:35 | 00,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.)64bit-(AvgTdiA) AVG Free8 Network Redirector x64 [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\avgtdia.sys -> [2009/09/25 21:49:47 | 00,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.)64bit-(BCM43XV) Broadcom Extensible 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\bcmwl664.sys -> [2006/10/06 22:13:22 | 00,550,912 | ---- | M] (Broadcom Corporation)64bit-(BthEnum) Bluetooth Enumerator Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\BthEnum.sys -> [2009/04/11 01:39:55 | 00,026,112 | ---- | M] (Microsoft Corporation)64bit-(BthPan) Bluetooth Device (Personal Area Network) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\bthpan.sys -> [2008/01/20 22:47:02 | 00,115,712 | ---- | M] (Microsoft Corporation)64bit-(BTHPORT) Bluetooth Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\BTHport.sys -> [2009/04/11 01:40:06 | 00,694,272 | ---- | M] (Microsoft Corporation)64bit-(BTHUSB) Bluetooth Radio USB Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\BTHUSB.sys -> [2009/04/11 01:39:53 | 00,034,816 | ---- | M] (Microsoft Corporation)64bit-(btwaudio) Bluetooth Audio Device Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwaudio.sys -> [2008/02/01 04:41:52 | 00,089,128 | ---- | M] (Broadcom Corporation.)64bit-(btwavdt) Bluetooth AVDT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwavdt.sys -> [2008/02/01 04:41:52 | 00,095,784 | ---- | M] (Broadcom Corporation.)64bit-(btwrchid) btwrchid [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\btwrchid.sys -> 
[2008/02/01 04:41:52 | 00,019,752 | ---- | M] (Broadcom Corporation.)64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CmBatt.sys -> [2008/01/20 22:46:51 | 00,017,792 | ---- | M] (Microsoft Corporation)64bit-(enecir) ENE CIR Receiver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\enecir.sys -> [2008/01/24 09:24:24 | 00,060,928 | ---- | M] (ENE TECHNOLOGY INC.)64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -> [2009/05/18 14:17:08 | 00,034,152 | ---- | M] (GEAR Software Inc.)64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2006/11/02 01:28:10 | 00,273,920 | ---- | M] (Microsoft Corporation)64bit-(hpdskflt) HP Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\hpdskflt.sys -> [2008/03/27 15:10:56 | 00,026,984 | ---- | M] (Hewlett-Packard Corporation)64bit-(HpqKbFiltr) HpqKbFilter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -> [2007/06/18 20:13:12 | 00,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.)64bit-(HpqRemHid) HP Remote Control HID Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -> [2007/07/11 13:30:34 | 00,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.)64bit-(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -> [2008/01/20 22:46:57 | 00,286,720 | ---- | M] (Conexant Systems, Inc.)64bit-(HSF_DPV) HSF_DPV [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -> [2008/01/20 22:46:57 | 01,523,712 | ---- | M] (Conexant Systems, Inc.)64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\iaStor.sys -> [2008/04/15 20:54:16 | 00,388,120 | ---- | M] (Intel 
Corporation)64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\igdkmd64.sys -> [2008/06/12 14:51:36 | 07,911,840 | ---- | M] (Intel Corporation)64bit-(IntcHdmiAddService) Intel® High Definition Audio HDMI [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\IntcHdmi.sys -> [2008/06/04 13:55:16 | 00,129,536 | ---- | M] (Intel® Corporation)64bit-(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\SysNative\DRIVERS\Lbd.sys -> [2009/09/23 08:55:23 | 00,069,152 | ---- | M] (Lavasoft AB)64bit-(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\mcdbus.sys -> [2009/02/24 18:35:44 | 00,255,552 | ---- | M] (MagicISO, Inc.)64bit-(NETw5v64) Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit  [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\NETw5v64.sys -> [2008/04/28 02:38:12 | 04,730,368 | ---- | M] (Intel Corporation)64bit-(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\nvm60x64.sys -> [2006/10/09 22:09:03 | 00,742,696 | ---- | M] (NVIDIA Corporation)64bit-(RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\rfcomm.sys -> [2009/04/11 01:39:57 | 00,178,176 | ---- | M] (Microsoft Corporation)64bit-(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Rtlh64.sys -> [2008/04/15 06:05:42 | 00,161,792 | ---- | M] (Realtek Corporation                                            )64bit-(RTSTOR) Realtek USB 2.0 Card Reader [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\RTSTOR64.SYS -> [2008/04/21 23:59:06 | 00,065,536 | ---- | M] (Realtek Semiconductor Corp.)64bit-(sdbus) sdbus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\sdbus.sys -> [2008/01/20 22:46:55 | 00,111,104 | ---- | M] (Microsoft Corporation)64bit-(STHDA) IDT High Definition Audio CODEC [Kernel 
| On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\stwrt64.sys -> [2008/04/15 14:19:56 | 00,453,120 | ---- | M] (IDT, Inc.)64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\SynTP.sys -> [2008/01/18 07:31:30 | 00,320,560 | ---- | M] (Synaptics, Inc.)64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\usbaapl64.sys -> [2009/08/28 19:42:52 | 00,049,152 | ---- | M] (Apple, Inc.)64bit-(usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\usbvideo.sys -> [2008/01/20 22:47:27 | 00,168,704 | ---- | M] (Microsoft Corporation)64bit-(usb_rndisx) USB RNDIS Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\usb8023x.sys -> [2009/04/11 01:43:06 | 00,019,456 | ---- | M] (Microsoft Corporation)64bit-(vcdrom) Virtual CD-ROM Device Driver [File_System | System | Stopped] -> C:\Windows\SysNative\drivers\VCdRom.sys -> [2001/12/19 11:45:00 | 00,008,576 | ---- | M] (Microsoft Corporation)64bit-(winachsf) winachsf [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -> [2008/01/20 22:46:57 | 00,724,480 | ---- | M] (Conexant Systems, Inc.)(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> C:\Windows\SysWow64\DRIVERS\mcdbus.sys -> [2009/02/24 18:35:44 | 00,255,552 | ---- | M] (MagicISO, Inc.)(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWow64\Wbem\mpsdrv.mof -> [2006/09/18 17:35:23 | 00,001,088 | ---- | M] ()(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWow64\Wbem\tcpip.mof -> [2006/09/18 17:36:40 | 00,003,066 | ---- | M] () [Modules - Safe List]comctl32.dll -> C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll -> [2009/04/11 02:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation)ots.exe -> 
C:\Users\user\Downloads\OTS.exe -> [2009/10/23 06:36:00 | 00,521,728 | ---- | M] (OldTimer Tools) [Registry - Safe List]< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_CURRENT_USER\: 
Main\\"Start Page" -> http://www.google.ca/ig?hl=en -> HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 -> HKEY_CURRENT_USER\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\lq6onyxy.default\prefs.js -> extensions.enabledItems -> [email protected]:4.51 ->extensions.enabledItems -> {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 ->extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 ->extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 ->< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\MozillaHKLM\software\mozilla\Firefox\Extensions ->  -> HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/09/23 00:12:45 | 00,000,000 | ---D | M]HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 [C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2009/09/21 21:24:46 | 00,000,000 | ---D | M]HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions ->  -> HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2009/09/26 08:11:35 | 00,000,000 | ---D | M]HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> 
[2009/10/21 16:56:06 | 00,000,000 | ---D | M]< FireFox Extensions [User Folders] > ->  -> C:\Users\user\AppData\Roaming\mozilla\Extensions -> [2009/09/26 08:12:51 | 00,000,000 | ---D | M] -> C:\Users\user\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/09/26 08:12:51 | 00,000,000 | ---D | M] -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\lq6onyxy.default\extensions -> [2009/10/22 19:15:47 | 00,104,245 | ---- | M] () -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\lq6onyxy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/10/22 19:15:47 | 00,104,245 | ---- | M] ()< FireFox Extensions [Program Folders] > ->  -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions -> [2009/08/24 16:15:24 | 10,776,568 | ---- | M] (Mozilla Foundation) -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/08/24 16:15:24 | 10,776,568 | ---- | M] (Mozilla Foundation) -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} -> [2009/08/24 16:15:24 | 10,776,568 | ---- | M] (Mozilla Foundation) -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} -> [2009/08/24 16:15:24 | 10,776,568 | ---- | M] (Mozilla Foundation)< FireFox Components [Program Folders] > -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components -> [2009/09/26 08:11:35 | 00,000,000 | ---D | M]browserdirprovider.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation)brwsrcmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation)< FireFox Plugins [Program Folders] > -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins -> [2009/10/21 16:56:06 | 00,000,000 | ---D | 
M]npdeploytk.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/09/27 00:28:31 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)npEModelPlugin.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npEModelPlugin.dll -> [2008/09/05 19:58:42 | 00,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.)npFoxitReaderPlugin.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npFoxitReaderPlugin.dll -> [2009/09/27 00:59:55 | 00,072,960 | ---- | M] (Foxit Software Company)npnul32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org)NPOFF12.DLL -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\NPOFF12.DLL -> [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation)nsEModelPlugin.xpt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nsEModelPlugin.xpt -> [2008/09/05 19:31:18 | 00,002,522 | ---- | M] ()< FireFox SearchPlugins [Program Folders] > -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins -> [2009/09/26 08:11:35 | 00,000,000 | ---D | M]amazondotcom.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/08/24 14:45:46 | 00,001,394 | ---- | M] ()answers.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/08/24 14:45:46 | 00,002,193 | ---- | M] ()creativecommons.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/08/24 14:45:46 | 00,001,534 | ---- | M] ()eBay.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/08/24 14:45:46 | 00,002,344 | ---- | M] ()google.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/08/24 14:45:46 | 00,002,371 | ---- | M] ()wikipedia.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/08/24 14:45:46 | 00,001,178 | ---- | M] ()yahoo.xml -> C:\PROGRAM FILES (X86)\MOZILLA 
FIREFOX\searchplugins\yahoo.xml -> [2009/08/24 14:45:46 | 00,000,792 | ---- | M] ()< HOSTS File > (335252 bytes and 11533 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> First 25 entries...Reset Hosts127.0.0.1       localhost::1             localhost127.0.0.1   www.007guard.com127.0.0.1   007guard.com127.0.0.1   008i.com127.0.0.1   www.008k.com127.0.0.1   008k.com127.0.0.1   www.00hq.com127.0.0.1   00hq.com127.0.0.1   010402.com127.0.0.1   www.032439.com127.0.0.1   032439.com127.0.0.1   www.0scan.com127.0.0.1   0scan.com127.0.0.1   1000gratisproben.com127.0.0.1   www.1000gratisproben.com127.0.0.1   1001namen.com127.0.0.1   www.1001namen.com127.0.0.1   100888290cs.com127.0.0.1   www.100888290cs.com127.0.0.1   www.100sexlinks.com127.0.0.1   100sexlinks.com127.0.0.1   10sek.com127.0.0.1   www.10sek.com< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2009/10/12 23:28:47 | 00,350,320 | ---- | M] (Google Inc.){AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll [Google Toolbar Notifier BHO] -> [2009/10/09 16:38:05 | 00,317,936 | ---- | M] (Google Inc.){C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} [HKLM] -> C:\Program Files\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll [PDF-XChange Viewer IE-Plugin] -> [2009/09/08 15:01:20 | 01,307,416 | ---- | M] (Tracker Software Products Ltd.)< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2009/06/30 17:08:14 | 00,328,248 | ---- | M] (Hewlett-Packard Co.){06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 02:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated){3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/09/25 21:48:14 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.){53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited){72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2006/10/27 00:48:42 | 02,210,608 | ---- | M] (Microsoft Corporation){A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] (){AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2009/10/12 23:28:46 | 00,258,160 | ---- | M] (Google Inc.){AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [Google Toolbar Notifier BHO] -> [2009/10/09 16:38:05 | 00,762,864 | ---- | M] (Google Inc.){C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} [HKLM] -> C:\Program Files\Tracker Software\PDF Viewer\Win32\PDFXCviewIEPlugin.dll [PDF-XChange Viewer IE-Plugin] -> [2009/09/08 15:01:18 | 01,108,760 | ---- | M] (Tracker Software Products Ltd.){DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files 
(x86)\Java\jre6\bin\jp2ssv.dll [Java™ Plug-In 2 SSV Helper] -> [2009/09/27 00:28:31 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.){FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2009/06/30 17:07:40 | 00,509,496 | ---- | M] (Hewlett-Packard Co.)< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2009/10/12 23:28:47 | 00,350,320 | ---- | M] (Google Inc.)< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/10/12 23:28:46 | 00,258,160 | ---- | M] (Google Inc.)"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2009/10/12 23:28:47 | 00,350,320 | ---- | M] (Google Inc.)WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/10/12 23:28:46 | 00,258,160 | ---- | M] (Google Inc.)WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2008/06/18 13:14:32 | 00,209,432 | ---- | M] (Intel Corporation)
"IAAnotif" -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe ["C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"] -> [2008/04/15 20:54:40 | 00,178,712 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2008/06/18 13:14:50 | 00,151,064 | ---- | M] (Intel Corporation)
"OnScreenDisplay" -> C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe] -> [2008/01/24 00:46:54 | 00,685,568 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2008/06/18 13:14:42 | 00,181,784 | ---- | M] (Intel Corporation)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2008/01/18 07:31:28 | 01,220,392 | ---- | M] (Synaptics, Inc.)
"SysTrayApp" -> C:\Program Files\IDT\WDM\sttray64.exe [%ProgramFiles%\IDT\WDM\sttray64.exe] -> [2008/04/15 14:17:30 | 00,444,416 | ---- | M] (IDT, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 22:47:32 | 01,584,184 | ---- | M] (Microsoft Corporation)
"Windows Mobile-based device management" -> C:\Windows\WindowsMobile\wmdSync.exe [%windir%\WindowsMobile\wmdSync.exe] -> [2008/01/20 22:47:00 | 00,225,792 | ---- | M] (Microsoft Corporation)

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2007/05/11 06:06:32 | 00,040,048 | ---- | M] (Adobe Systems Incorporated)
"AVG8_TRAY" -> C:\Program Files (x86)\AVG\AVG8\avgtray.exe [C:\PROGRA~2\AVG\AVG8\avgtray.exe] -> [2009/10/19 09:20:17 | 02,025,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
"Google Quick Search Box" -> C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe ["C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun] -> [2009/09/26 08:10:56 | 00,122,880 | ---- | M] (Google Inc.)
"GrooveMonitor" -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation)
"HP Health Check Scheduler" -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/06/16 11:03:20 | 00,075,008 | ---- | M] (Hewlett-Packard)
"HP Software Update" -> C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 19:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"hpqSRMon" -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe] -> [2007/08/22 19:31:16 | 00,080,896 | ---- | M] (Hewlett-Packard)
"hpWirelessAssistant" -> C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe] -> [2007/11/20 10:44:58 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"iTunesHelper" -> C:\Program Files (x86)\iTunes\iTunesHelper.exe ["C:\Program Files (x86)\iTunes\iTunesHelper.exe"] -> [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009/09/10 14:53:56 | 01,312,080 
| ---- | M] (Malwarebytes Corporation)"QlbCtrl.exe" -> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ["C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start] -> [2008/03/14 11:45:10 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.)"QPService" -> C:\Program Files (x86)\HP\QuickPlay\QPService.exe ["C:\Program Files (x86)\HP\QuickPlay\QPService.exe"] -> [2008/04/24 02:51:14 | 00,468,264 | ---- | M] (CyberLink Corp.)"QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2009/09/05 01:54:42 | 00,417,792 | ---- | M] (Apple Inc.)"SolidWorks_CheckForUpdates" -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe ["C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler] -> [2008/09/15 11:34:16 | 07,218,472 | R--- | M] (Dassault Systèmes SolidWorks Corp.)"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009/09/27 00:28:31 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)"UCam_Menu" -> C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"] -> [2007/12/24 18:55:34 | 00,222,504 | ---- | M] (CyberLink Corp.)< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "EPSON NX100 Series" -> C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIEDA.EXE [C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDA.EXE /FU "C:\Users\user\AppData\Local\Temp\E_SCFED.tmp" /EF "HKCU"] -> File not found"Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> [2009/04/11 03:10:53 | 01,555,968 | ---- | M] (Microsoft 
Corporation)"swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/09/26 08:11:03 | 00,039,408 | ---- | M] (Google Inc.)< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoActiveDesktop" ->  [1] -> File not found\\"ForceActiveDesktopOn" ->  
  • -> File not found\\"BindDirectlyToPropertySetStorage" ->  
  • -> File not found\\"NoActiveDesktopChanges" ->  
  • -> File not found< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found\\"ConsentPromptBehaviorUser" ->  [1] -> File not found\\"EnableInstallerDetection" ->  [1] -> File not found\\"EnableLUA" ->  
  • -> File not found\\"EnableSecureUIAPaths" ->  [1] -> File not found\\"EnableVirtualization" ->  [1] -> File not found\\"PromptOnSecureDesktop" ->  [1] -> File not found\\"ValidateAdminCodeSignatures" ->  
  • -> File not found\\"dontdisplaylastusername" ->  
  • -> File not found\\"legalnoticecaption" ->  [] -> File not found\\"legalnoticetext" ->  [] -> File not found\\"scforceoption" ->  
  • -> File not found\\"shutdownwithoutlogon" ->  [1] -> File not found\\"undockwithoutlogon" ->  [1] -> File not found\\"FilterAdministratorToken" ->  
  • -> File not found\\"EnableUIADesktopToggle" ->  
  • -> File not foundHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000] -> [2006/10/27 15:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)Google Sidewiki... -> C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html] -> [2009/10/12 23:28:52 | 00,646,144 | ---- | M] (Google Inc.)Send image to &Bluetooth Device... -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm] -> [2007/01/23 14:57:50 | 00,001,199 | ---- | M] ()Send page to &Bluetooth Device... 
-> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm] -> [2007/01/23 14:57:52 | 00,002,758 | ---- | M] ()< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2009/09/29 14:19:06 | 02,146,304 | ---- | M] (Google Inc.)E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000] -> [2006/10/27 15:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)Google Sidewiki... -> C:&#
« Last Edit: October 24, 2009, 04:29:36 PM by guestolo »

Offline guestolo

not sure if laptop got infected.
« Reply #7 on: October 24, 2009, 04:23:23 PM »
I wanted to see the fix log from OTS.exe
Can you navigate to the following location:
C:\_OTS\MovedFiles
Inside that folder should be a copy of the log file
Can you post the contents

In addition: Right click on Hijackthis and choose to "Run as Admin"
Run a fresh Scan and save logfile and post the contents

Keep me informed how things are now running

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline asquare

not sure if laptop got infected.
« Reply #8 on: October 26, 2009, 06:29:35 PM »
[quote name='guestolo' post='465920' date='Oct 24 2009, 03:23 PM']I wanted to see the fix log from OTS.exe
Can you navigate to the following location:
C:\_OTS\MovedFiles
Inside that folder should be a copy of the log file
Can you post the contents

In addition: Right click on Hijackthis and choose to "Run as Admin"
Run a fresh Scan and save logfile and post the contents

Keep me informed how things are now running[/quote]

Hi Guestolo,

The laptop seems to be running normally and I do not see any pop ups or traces of the Trojan. OK so I have the files below:

OTS log file:

All Processes Killed
[Processes - Safe List]
No active process named b.exe was found!
C:\Users\user\AppData\Local\Temp\b.exe moved successfully.
No active process named b.exe was found!
File C:\Users\user\AppData\Local\Temp\b.exe not found.
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PopRock deleted successfully.
File C:\Users\user\AppData\Local\Temp\b.exe not found.
[Files/Folders - Modified Within 30 Days]
C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job moved successfully.
C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job moved successfully.
File C:\Windows\msa.exe not found!
File ds not found!
< End of fix log >
OTS by OldTimer - Version 3.0.23.1 fix logfile created on 10242009_143748



The Hijackthis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:26 PM, on 10/26/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Users\user\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF Viewer\Win32\PDFXCviewIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON NX100 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDA.EXE /FU "C:\Users\user\AppData\Local\Temp\E_SCFED.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1ca3f2a1954b85d) (gupdate1ca3f2a1954b85d) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15347 bytes


Thanks
asquare
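The log above is what the helper triaged by eye. As an added example (not code from this thread, and not part of HijackThis or OTS), here is a small Python script that parses the O2, O4 and O23 line formats shown in the posted log and flags the two patterns acted on in this thread: an autostart value whose executable sits in a user-writable temp directory (the HKCU Run value PopRock pointing at Temp\b.exe, which the OTS fix log deletes) and a browser helper object registered with no DLL on disk (the {02478D38-...} entry fixed in the next reply). It also applies a caveat anyone reading this log needs: the 32-bit HijackThis 2.0.2 on 64-bit Vista reports core services such as lsass.exe and spoolsv.exe under C:\Windows\system32 as "(file missing)" because WOW64 file-system redirection hides 64-bit-only binaries from 32-bit processes, so the script rates those as informational rather than as findings. The sample lines embedded in SAMPLE_LOG are copied from the posted log except the PopRock line, which is constructed to match the value named in the OTS fix log; the thread never shows that line in a HijackThis scan.

```python
"""Triage helper for HijackThis log lines.

Added example for this thread; it is not HijackThis code and not the helper's
own procedure.  Parses O2 (BHO), O4 (registry autostart) and O23 (service)
lines and flags: an autostart executable in a temp or profile directory, an
orphaned BHO "(no file)", and a missing service binary.  A "(file missing)"
under C:\\Windows\\system32 is downgraded to informational because a 32-bit
HijackThis on 64-bit Windows cannot see 64-bit-only binaries there (WOW64
file-system redirection).
"""
import re
from dataclasses import dataclass

# Sample input.  All lines are copied from the thread's log except the PopRock
# line, which is constructed to match the value the OTS fix log reports deleting.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files (x86)\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~2\\AVG\\AVG8\\avgtray.exe
O4 - HKCU\\..\\Run: [PopRock] C:\\Users\\user\\AppData\\Local\\Temp\\b.exe
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O23 - Service: @%SystemRoot%\\system32\\samsrv.dll,-1 (SamSs) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files (x86)\\Bonjour\\mDNSResponder.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# Only registry Run-style O4 lines are parsed; "O4 - Startup:" shortcut lines are skipped.
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# First path-like token of a command line, quoted or not, ending in a program extension.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))"?(?=\s|$)', re.IGNORECASE)

# Directory fragments a legitimate autostart almost never points into.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\", "\\tmp\\")
USER_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\users\\public\\")


@dataclass
class Finding:
    kind: str      # "O2", "O4" or "O23"
    name: str      # value name, BHO name or service name
    path: str      # executable or DLL path as logged
    severity: str  # "high", "medium" or "info"
    reason: str


def _exe_from_command(cmd: str) -> str:
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip()


def _classify_path(path: str):
    """Return (severity, reason) for an autostart path, or None if unremarkable."""
    p = path.lower().replace("/", "\\")
    if any(d in p for d in TEMP_DIRS):
        return "high", "autostart executable in a temp directory"
    if any(d in p for d in USER_DIRS):
        return "medium", "autostart executable in a user profile directory"
    return None


def triage(log_text: str) -> list:
    """Return the list of Findings for a HijackThis log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if m["path"].lower() == "(no file)":
                findings.append(Finding("O2", m["name"], m["path"], "medium",
                                        "orphaned BHO registration; CLSID %s has no DLL" % m["clsid"]))
            continue
        if m := O4_RE.match(line):
            exe = _exe_from_command(m["cmd"])
            verdict = _classify_path(exe)
            if verdict:
                findings.append(Finding("O4", m["value"], exe, verdict[0],
                                        "%s (%s\\%s)" % (verdict[1], m["hive"], m["key"])))
            continue
        if m := O23_RE.match(line):
            path = m["path"]
            if path.lower().endswith("(file missing)"):
                binary = path[: -len("(file missing)")].strip()
                if "\\windows\\system32\\" in binary.lower():
                    findings.append(Finding("O23", m["name"], binary, "info",
                                            "reported missing under system32; a 32-bit HijackThis on "
                                            "64-bit Windows cannot see 64-bit-only binaries there (WOW64 redirection)"))
                else:
                    findings.append(Finding("O23", m["name"], binary, "medium",
                                            "service binary missing on disk"))
            continue
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind} {f.name!r}: {f.path} :: {f.reason}")
```

Run it as-is to print the findings for the embedded sample, or call triage() on the text of a full log. An entry the script flags is a lead to check, not a verdict: the temp-directory executable was the real infection here, while an orphaned BHO is an inert registry leftover.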

Offline guestolo

not sure if laptop got infected.
« Reply #9 on: October 26, 2009, 10:38:17 PM »
Looks good
Can you do the following
Right click on Hijackthis and choose to "Run as Admin"
Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Right click on OTL.exe and choose to "Run as Admin"
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.



Offline asquare

not sure if laptop got infected.
« Reply #10 on: October 27, 2009, 06:15:42 AM »
[quote name='guestolo' post='465961' date='Oct 26 2009, 09:38 PM']Looks good
Can you do the following
Right click on Hijackthis and choose to "Run as Admin"
Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Right click on OTL.exe and choose to "Run as Admin"
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
[/quote]


Thank you. I have completed the steps.

Regards
asquare

Offline guestolo

not sure if laptop got infected.
« Reply #11 on: October 27, 2009, 08:02:09 AM »
Good work, I'll lock this topic as your problems appear resolved
Take care asquare :)
