[RESOLVED] I got some kind of Bug

**mollicaa** · July 19th, 2012, 04:58 PM

Ok the problem I have is I use yahoo mail for my email with two different computers and it is always sending out spam email. Now I am not sure which computer is the issue. So here are the logs from the first PC once this one is confirmed clean I will work on the second PC.

Thanks

Tony

Malware Log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.12

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: ADMIN-PC [administrator]

7/19/2012 8:15:02 PM
mbam-log-2012-07-19 (20-15-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198118
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\admin\AppData\Local\Temp\is1598539481\1029139_Setup.DAT (Adware.TryMedia) -> Quarantined and deleted successfully.
C:\Users\admin\Downloads\WormsWorldParty-dm.exe (Adware.TryMedia) -> Quarantined and deleted successfully.

(end)

GMER Log

Clean, it came up blank.

aswMBR Log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-19 21:09:50
-----------------------------
21:09:50.615 OS Version: Windows x64 6.0.6002 Service Pack 2
21:09:50.615 Number of processors: 2 586 0xF0D
21:09:50.615 ComputerName: ADMIN-PC UserName: admin
21:09:51.863 Initialize success
21:11:08.467 AVAST engine defs: 12071901
21:11:23.100 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:11:23.100 Disk 0 Vendor: FUJITSU_ 0040 Size: 305245MB BusType: 3
21:11:23.131 Disk 0 MBR read successfully
21:11:23.131 Disk 0 MBR scan
21:11:23.147 Disk 0 Windows VISTA default MBR code
21:11:23.162 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:11:23.193 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 303744 MB offset 3074048
21:11:23.271 Disk 0 scanning C:\Windows\system32\drivers
21:11:40.197 Service scanning
21:12:13.769 Modules scanning
21:12:13.769 Disk 0 trace - called modules:
21:12:13.815 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:12:13.815 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800683e1b0]
21:12:13.815 3 CLASSPNP.SYS[fffffa60011cec33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004bbd050]
21:12:15.048 AVAST engine scan C:\Windows
21:12:19.525 AVAST engine scan C:\Windows\system32
21:17:53.407 AVAST engine scan C:\Windows\system32\drivers
21:18:11.737 AVAST engine scan C:\Users\admin
21:34:19.171 AVAST engine scan C:\ProgramData
21:36:31.552 Scan finished successfully
21:39:42.085 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
21:39:42.101 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"

**mollicaa** · July 19th, 2012, 04:59 PM

DDS Text file

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by admin at 21:43:19 on 2012-07-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.2052 [GMT 1:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: CutePDF Editor Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: CutePDF Editor Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
uRun: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
uRun: [Google Update] "C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{829A1057-AAD7-49F6-8B25-8973877F1EA2} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: CutePDF Editor Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: CutePDF Editor Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [NDSTray.exe] NDSTray.exe
mRun-x64: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
mRunOnce-x64: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-4 175104]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-4 138912]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 NETw4v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw4v64.sys --> C:\Windows\system32\DRIVERS\NETw4v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-26 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-26 116648]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-5-14 89920]
S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]
S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-11 22:02:11 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 22:02:11 708608 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 22:02:05 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 22:02:05 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 22:02:05 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 22:02:05 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 22:02:01 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-11 22:02:01 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-11 22:02:01 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-07-11 22:02:01 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-11 22:02:01 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-11 22:02:01 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-26 21:36:34 -------- d-----w- C:\Downloads
2012-06-26 21:36:30 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-06-26 21:36:28 -------- d-----w- C:\ProgramData\Tarma Installer
2012-06-21 13:25:57 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-06-21 13:25:52 -------- d-----w- C:\Users\admin\AppData\Local\APN
.
==================== Find3M ====================
.
2012-07-11 18:15:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 18:15:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 14:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-23 16:25:30 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-23 16:25:30 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-23 16:25:30 1267200 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-23 16:00:53 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
.
============= FINISH: 21:43:58.12 ===============

**Broni** · July 19th, 2012, 09:28 PM

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

I still need Attach.txt part of DDS.

Next....

Download RogueKiller on the desktop
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

**mollicaa** · July 20th, 2012, 05:39 PM

Here you go. will run the roguekiller and post.

Attach.zip

**Broni** · July 20th, 2012, 09:09 PM

Please observe forum rules.
All logs have to be pasted not attached or zipped.

**mollicaa** · July 21st, 2012, 04:11 AM

Sorry,

Just did what the file said to do.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/5/2011 4:23:35 PM
System Uptime: 7/19/2012 8:21:42 PM (1 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | CPU | 1667/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 297 GiB total, 186.025 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Adobe Shockwave Player 11.5
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Ask Toolbar
BufferChm
C5200
C5200_Help
Camera Assistant Software for Toshiba
Cards_Calendar_OrderGift_DoMorePlugout
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CutePDF Editor Toolbar Updater
CyberLink PowerCinema for TOSHIBA
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DocProc
DocProcQFolder
DVD MovieFactory for TOSHIBA
DVDFab 8.1.5.9 (20/01/2012) Qt
EA SPORTS online 2008
eSupportQFolder
Fax
FM Tuner Utility
GearDrvs
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Update
HPDiagnosticAlert
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
InterActual Player
Java(TM) 6 Update 3
LiveUpdate 3.3 (Symantec Corporation)
Madden NFL 08
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Panda ActiveScan 2.0
PanoStandAlone
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PSSWCORE
RAR File Open Knife - Free Opener
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Windows Media Encoder (KB2447961)
Skype Toolbars
Skype™ 5.3
SolutionCenter
Status
Toolbox
Toshiba Assist
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Games
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
WebReg
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
7/19/2012 9:07:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00215C308DBF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/19/2012 8:24:56 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
7/19/2012 8:23:26 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
7/17/2012 9:49:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pml Driver HPZ12 service to connect.
7/17/2012 9:49:14 PM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/13/2012 7:22:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================

**mollicaa** · July 21st, 2012, 04:17 AM

Here is RogueKiller report.

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: admin [Admin rights]
Mode: Scan -- Date: 07/20/2012 22:40:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll ("C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll ("C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2320BH G1 +++++
--- User ---
[MBR] 6e95f95951b52bcc7bb7dad12fc273e1
[BSP] 47bce98fe9c17b4fd0fb146bf99b3103 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 303744 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

**Broni** · July 21st, 2012, 12:23 PM

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

Double-click on the Rkill icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

**mollicaa** · July 23rd, 2012, 05:09 PM

ComboFix 12-07-24.01 - admin 07/23/2012 21:32:12.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.1707 [GMT 1:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 20:42 . 2012-07-23 20:48 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-07-11 22:02 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 22:02 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 22:02 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 22:02 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 22:02 . 2012-06-05 16:22 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 22:02 . 2012-06-05 16:22 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 22:02 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 22:02 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 22:02 . 2012-06-02 00:22 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 22:02 . 2012-06-02 00:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 22:02 . 2012-06-02 00:04 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 22:02 . 2012-06-02 00:03 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 22:01 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-26 21:36 . 2012-06-26 21:49 -------- d-----w- C:\Downloads
2012-06-26 21:36 . 2012-06-26 21:36 -------- d-----w- c:\program files (x86)\Yontoo
2012-06-26 21:36 . 2012-06-26 21:36 -------- d-----w- c:\programdata\Tarma Installer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 02:05 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-11 18:15 . 2012-04-04 08:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 18:15 . 2011-05-23 02:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 12:46 . 2012-03-01 15:57 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-19 07:07 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 07:07 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 07:07 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 07:07 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 07:07 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-19 07:07 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 07:07 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-19 07:07 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 07:07 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-19 07:07 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 14:19 . 2012-06-19 07:07 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:19 . 2012-06-19 07:07 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 14:15 . 2012-06-19 07:07 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 14:12 . 2012-06-19 07:07 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-01 14:29 . 2012-06-13 17:56 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 20:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 432640]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:15]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-26 12:51]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-26 12:51]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-768754289-1039303291-2473749190-1000Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 16:23]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-768754289-1039303291-2473749190-1000UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 16:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 137240]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 187928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 155672]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-30 5682688]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
SafeBoot-Symantec Antvirus
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\Toshiba\ConfigFree\NDSTray.exe
c:\program files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
.
**************************************************************************
.
Completion time: 2012-07-23 22:01:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-23 21:01
.
Pre-Run: 199,624,409,088 bytes free
Post-Run: 200,887,242,752 bytes free
.
- - End Of File - - B14CD42249519A65A9789AA536867A1B

**Broni** · July 23rd, 2012, 06:40 PM

Looks good

How is computer doing?

==============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

**mollicaa** · July 24th, 2012, 02:13 PM

computer appears to be working fine. Yahoo has not sent any spam since we started this.

**Broni** · July 24th, 2012, 03:13 PM

Good

Go on...

**mollicaa** · July 26th, 2012, 05:15 PM

OTL logfile created on: 7/26/2012 9:55:09 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\admin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 45.44% Memory free
8.15 Gb Paging File | 6.25 Gb Available in Paging File | 76.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.62 Gb Total Space | 187.80 Gb Free Space | 63.31% Space Free | Partition Type: NTFS
Drive D: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/26 21:54:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2012/07/11 18:15:15 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 19:55:12 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/07/08 21:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/02/14 20:08:30 | 000,184,320 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2008/01/22 19:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/22 00:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/09 23:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 22:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 22:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/12/14 04:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2007/10/26 01:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/10/24 01:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/26 03:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/08/24 01:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (No Company Name) ==========

MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2008/01/22 19:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008/01/03 05:27:40 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/01/03 05:27:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/18 00:29:48 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2007/12/04 01:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/22 01:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/07/11 19:15:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 19:37:56 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 18:22:16 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (EraserSvc11210)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/03/30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/22 00:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/12/25 22:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/10/24 01:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/29 01:06:42 | 000,168,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/25 02:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/01/26 03:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/08/24 01:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/08 16:44:36 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/04 15:36:12 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpsHelper.sys -- (WpsHelper)
DRV:64bit: - [2011/05/11 07:21:50 | 000,030,208 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV:64bit: - [2010/06/23 17:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/17 19:37:52 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wpsdrvnt.sys -- (WPS)
DRV:64bit: - [2009/08/25 21:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2009/08/25 21:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2009/08/25 21:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/07/14 14:03:50 | 000,025,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [2009/06/30 11:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/05/27 15:31:34 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/04/11 06:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/08/14 18:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/17 21:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/02/21 18:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/21 23:42:26 | 000,531,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2007/12/21 00:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/11/09 22:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/30 07:03:32 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/09/26 14:19:08 | 003,196,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel(R)
DRV:64bit: - [2007/09/13 22:27:10 | 007,041,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/07/28 03:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/27 04:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/11/20 07:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/09 07:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/09 07:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/10/24 01:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/10/19 21:10:40 | 000,027,456 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV - [2012/05/31 09:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/31 09:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/16 09:00:00 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120725.019\ex64.sys -- (NAVEX15)
DRV - [2012/05/16 09:00:00 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120725.019\eng64.sys -- (NAVENG)
DRV - [2009/08/25 21:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/25 21:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/08/25 21:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EE5B2291-BD50-4971-9DF3-1BD1A37912B5}
IE:64bit: - HKLM\..\SearchScopes\{EE5B2291-BD50-4971-9DF3-1BD1A37912B5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-768754289-1039303291-2473749190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-768754289-1039303291-2473749190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-768754289-1039303291-2473749190-1000\..\SearchScopes,DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
IE - HKU\S-1-5-21-768754289-1039303291-2473749190-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-768754289-1039303291-2473749190-1000\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-768754289-1039303291-2473749190-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\admin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/17 21:09:07 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\admin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: CutePDF Editor Toolbar = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaandfbcihcbimjeehajifhciaocmbi\7.15.4.23955_0\
CHR - Extension: TimelineRemove = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\
CHR - Extension: Skype Extension = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/07/23 21:47:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CutePDF Editor Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (CutePDF Editor Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-768754289-1039303291-2473749190-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll (DivX, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-768754289-1039303291-2473749190-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-768754289-1039303291-2473749190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-768754289-1039303291-2473749190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/actives.../as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{829A1057-AAD7-49F6-8B25-8973877F1EA2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\WHTSTR01.BMP
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\WHTSTR01.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/01 17:23:41 | 000,000,148 | R--- | M] () - D:\AUTORUN.inf -- [ UDF ]
O32 - AutoRun File - [2007/07/04 03:32:31 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007/07/04 03:32:31 | 000,634,880 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007/07/04 03:23:42 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/26 21:54:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/07/26 21:18:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Mozilla
[2012/07/24 00:29:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/23 22:01:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/23 22:01:49 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2012/07/23 21:30:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/23 21:30:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/23 21:30:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/23 21:29:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/23 21:28:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/23 21:28:00 | 004,583,914 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012/07/20 22:40:33 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\RK_Quarantine
[2012/07/19 21:41:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\dds.scr
[2012/07/19 21:08:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\admin\Desktop\aswMBR.exe
[2012/07/19 20:12:16 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\admin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/12 03:01:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:01:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:01:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:01:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:01:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:01:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:01:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:01:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:01:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:01:40 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:01:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:01:39 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 03:01:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 23:02:01 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/06/26 22:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17
[2012/06/26 22:36:34 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/06/26 22:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/06/26 22:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/26 21:54:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/07/26 21:52:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/26 21:50:54 | 000,000,000 | ---- | M] () -- C:\Users\admin\Desktop\OTL.exe.kpmc2f3.partial
[2012/07/26 21:28:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-768754289-1039303291-2473749190-1000UA.job
[2012/07/26 21:16:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/26 21:15:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/26 07:28:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-768754289-1039303291-2473749190-1000Core.job
[2012/07/24 21:37:18 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 21:37:18 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 00:32:47 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/24 00:32:47 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/24 00:32:47 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/24 00:27:50 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/24 00:26:30 | 4284,440,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/23 21:47:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/23 21:28:07 | 004,583,914 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012/07/20 22:39:48 | 001,552,384 | ---- | M] () -- C:\Users\admin\Desktop\RogueKiller.exe
[2012/07/20 22:34:43 | 000,002,569 | ---- | M] () -- C:\Users\admin\Desktop\Attach.zip
[2012/07/19 21:41:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\dds.scr
[2012/07/19 21:39:42 | 000,000,512 | ---- | M] () -- C:\Users\admin\Desktop\MBR.dat
[2012/07/19 21:09:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\admin\Desktop\aswMBR.exe
[2012/07/19 20:37:29 | 000,302,592 | ---- | M] () -- C:\Users\admin\Desktop\8j62hsjb.exe
[2012/07/19 20:12:17 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\admin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/12 22:06:12 | 000,002,015 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/12 03:27:09 | 000,397,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 21:20:24 | 000,009,216 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/11 19:15:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 19:15:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/26 21:49:00 | 000,000,000 | ---- | C] () -- C:\Users\admin\Desktop\OTL.exe.kpmc2f3.partial
[2012/07/23 21:30:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/23 21:30:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/23 21:30:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/23 21:30:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/23 21:30:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/20 22:39:47 | 001,552,384 | ---- | C] () -- C:\Users\admin\Desktop\RogueKiller.exe
[2012/07/20 22:34:43 | 000,002,569 | ---- | C] () -- C:\Users\admin\Desktop\Attach.zip
[2012/07/19 21:39:42 | 000,000,512 | ---- | C] () -- C:\Users\admin\Desktop\MBR.dat
[2012/07/19 20:37:13 | 000,302,592 | ---- | C] () -- C:\Users\admin\Desktop\8j62hsjb.exe
[2012/06/25 07:03:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/18 13:27:40 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/12/11 23:02:01 | 000,130,922 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011/12/11 23:01:52 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011/07/12 19:27:45 | 000,165,127 | ---- | C] () -- C:\Windows\hpoins21.dat
[2011/07/12 19:27:45 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2011/06/19 02:13:31 | 000,009,216 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 13:16:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/27 01:03:07 | 000,000,732 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps64.dat
[2011/05/22 03:50:28 | 000,005,864 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2011/05/14 23:33:15 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/05/14 23:32:23 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/05/14 23:31:38 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/05/14 21:42:36 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011/05/12 22:43:14 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2011/05/12 01:12:41 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/11 07:56:28 | 000,000,016 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys

< End of report >

**mollicaa** · July 26th, 2012, 05:17 PM

OTL Extras logfile created on: 7/26/2012 9:55:09 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\admin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 45.44% Memory free
8.15 Gb Paging File | 6.25 Gb Available in Paging File | 76.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.62 Gb Total Space | 187.80 Gb Free Space | 63.31% Space Free | Partition Type: NTFS
Drive D: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 52 AB 77 E1 38 13 CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BEE875-3E83-4D6A-A855-6D1BA01CD829}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{096011C8-AB20-4263-9C6C-436EE23C7197}" = lport=137 | protocol=17 | dir=in | app=system |
"{36754513-DBAA-4E86-82CA-84D36D1BF65A}" = lport=139 | protocol=6 | dir=in | app=system |
"{48D83466-4AD0-4F4C-9286-3E2EC435FA7E}" = rport=139 | protocol=6 | dir=out | app=system |
"{55C4AC37-1E73-4497-BC26-87D91B22655E}" = lport=445 | protocol=6 | dir=in | app=system |
"{808D1522-7BFA-4A7B-8C10-72EA4D8DCA7B}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A56EDB1-7A9E-47A4-9B5B-1745C6A22D38}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CCCEF834-1BB3-401D-8CD5-F57A0DEE314A}" = rport=137 | protocol=17 | dir=out | app=system |
"{E42C06D1-6565-43AE-BA9D-E366C59A0A83}" = rport=138 | protocol=17 | dir=out | app=system |
"{EBFA71EE-8CBA-4674-9111-FB9157923A58}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{127F08FC-65E0-4698-B42F-83B0F1D30C0E}" = protocol=58 | dir=out | [email protected],-28546 |
"{20271391-8BA7-4A3F-9BE8-F13D9A6AB4B4}" = protocol=1 | dir=out | [email protected],-28544 |
"{3100C7B0-025C-41B2-9F89-151E9A60E3EB}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
"{3B0E19D5-7F75-4231-BFDB-6470A8DDD9EC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{4B6C43F2-FA1E-4A6B-AA65-90A41C852EA8}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{5AF06639-15CB-4BCB-AFDC-9A0ADD0DB9ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5F6FA1ED-BC43-4D81-BA27-016E89813DCE}" = protocol=1 | dir=in | [email protected],-28543 |
"{6788193F-46AD-4838-ACC3-2FCDF1F04AD9}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{78800BC5-0612-49B5-B5DF-A36847AD84B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7A0229A2-78DD-4BFB-B9F7-CEE4E268821A}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{924AFE1C-243A-4491-BD7C-B462DC9657B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{97CBA8E3-1455-41CC-82FC-924677419B14}" = protocol=58 | dir=in | [email protected],-28545 |
"{9FE8730C-78A8-4A68-B6BB-7F4F8951D586}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"{A2779BA4-C7D7-456B-AACD-BF1618306ED8}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{CBDAC87B-1F5F-4002-8329-FCBD9D03C000}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{D1C498D6-63D7-4EE7-B3B9-B4E0293DB6F6}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{FD9CA7A6-199F-4C57-96B5-97FBCE20576B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"TCP Query User{DA6457E4-632C-4AFB-A47A-909BC2D55489}C:\program files (x86)\ea sports\madden nfl 08\updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\madden nfl 08\updater.exe |
"UDP Query User{24F8CE0D-6F7A-4600-A0A3-D26F6445CDC7}C:\program files (x86)\ea sports\madden nfl 08\updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\madden nfl 08\updater.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64
"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9C7AB2D0-7768-4708-B9DA-6C1F44C9833A}" = mCPlug
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CutePDF Writer Installation" = CutePDF Writer 3.0
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel(R) PROSet/Wireless Software
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5706E362-3161-46F1-A89A-61739E637EB1}" = FM Tuner Utility
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83A5D4E9-7FE6-336D-9525-F1C879496014}" = Google Talk Plugin
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"DivX Setup" = DivX Setup
"DVDFab 8 Qt_is1" = DVDFab 8.1.5.9 (20/01/2012) Qt
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-768754289-1039303291-2473749190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = CutePDF Editor Toolbar Updater
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2012 2:17:43 PM | Computer Name = admin-PC | Source = Perflib | ID = 1023
Description =

Error - 6/14/2012 2:17:44 PM | Computer Name = admin-PC | Source = Perflib | ID = 1008
Description =

Error - 6/14/2012 2:17:44 PM | Computer Name = admin-PC | Source = Perflib | ID = 1023
Description =

Error - 6/16/2012 5:29:48 PM | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 19.0.1084.56 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1288 Start Time: 01cd4c066c836e80 Termination Time: 14

Error - 6/19/2012 7:56:12 PM | Computer Name = admin-PC | Source = Perflib | ID = 1023
Description =

Error - 6/19/2012 7:56:14 PM | Computer Name = admin-PC | Source = Perflib | ID = 1008
Description =

Error - 6/19/2012 7:56:14 PM | Computer Name = admin-PC | Source = Perflib | ID = 1023
Description =

Error - 6/21/2012 9:32:57 AM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/21/2012 9:36:30 AM | Computer Name = admin-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/23/2012 6:23:02 AM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/1/2011 8:47:37 PM | Computer Name = admin-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 6/2/2011 7:42:30 AM | Computer Name = admin-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.7 for the Network Card with network
address 00215C308DBF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/4/2011 7:08:49 PM | Computer Name = admin-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 00215C308DBF has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/7/2011 6:50:53 AM | Computer Name = admin-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00215C308DBF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/7/2011 12:28:42 PM | Computer Name = admin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:26:35 PM on 6/7/2011 was unexpected.

Error - 6/10/2011 5:28:08 PM | Computer Name = admin-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00215C308DBF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/12/2011 10:00:13 AM | Computer Name = admin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:58:59 PM on 6/12/2011 was unexpected.

Error - 6/16/2011 3:25:14 PM | Computer Name = admin-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 6/18/2011 4:41:52 PM | Computer Name = admin-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.39 on
the Network Card with network address 00215C308DBF.

Error - 6/19/2011 11:28:42 AM | Computer Name = admin-PC | Source = DCOM | ID = 10010
Description =

< End of report >

**mollicaa** · July 26th, 2012, 05:19 PM

Do you see anything that I could safely remove?

Thread: [RESOLVED] I got some kind of Bug

Thread Tools

Search Thread

Display

[RESOLVED] I got some kind of Bug

Thread Information

Users Browsing this Thread

Posting Permissions