Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Chrome not working after malware removal


  • This topic is locked This topic is locked
13 replies to this topic

#1 dienophile

dienophile

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 10 July 2010 - 01:14 PM

Hi, I have been using Google Chrome for many months without a problem. However, last night I was somehow infected by malware. A fake anti-virus program appeared in my system tray and I could not kill it or any other processes. It prevented me from running MalwareBytes or getting to the Task Manager. I restarted my computer in safe mode and ran MalwareBytes and it removed 7 things. However, since then, I have not been able to use Google Chrome or Internet Explorer; I am currently only using Firefox because that is the only browser that works. I did some searching online and found that other people have had this problem after removing malware from their computers as well.

I would greatly appreciate it if someone could help me figure out what is wrong with my computer.

I am running Windows Vista (64-bit) SP 2.

As stated in the Preparation Guide, here is the log produced by DDS. Also, I ran GMER, and I attached the file that I saved from it. However, a bunch of the options were grayed out, so I wasn't sure what else to do. I will await further instruction and rerun GMER if need be.


Thank you so much!


DDS (Ver_10-03-17.01) - NTFSX64
Run by Ken at 13:18:11.29 on Sat 07/10/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2571 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\oodag.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\My Book\WD Backup\uBBMonitor.exe
C:\Windows\SysWOW64\WDBtnMgr.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files (x86)\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Ken\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\helppane.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\conime.exe
C:\Users\Ken\Downloads\Defogger.exe
C:\Users\Ken\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - No File
TB: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\ken\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files (x86)\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeUpdater] "c:\program files (x86)\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [WD Spindown Utility] "c:\program files (x86)\western digital technologies\spindown\ExSpinDn.exe"
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\ken\appdata\roaming\micros~1\windows\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\wdback~1.lnk - c:\program files (x86)\my book\wd backup\uBBMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files (x86)\opanda\iexif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files (x86)\opanda\iexif 2.3\IExifCom.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
TB-X64: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\ken\appdata\roaming\mozilla\firefox\profiles\l6vd2bd1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.merlinmann.com/rightnow/|http://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files (x86)\tabletplugins\npwacom.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\ken\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\ken\appdata\roaming\mozilla\firefox\profiles\l6vd2bd1.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071304000006.dll
FF - plugin: c:\users\ken\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2008-10-8 53488]
R0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\drivers\tos_sps64.sys [2008-3-14 531968]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-11-5 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2009-11-5 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-5 74880]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-3-20 5556520]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 175104]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-3-20 127784]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-15 8704]
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw4v64.sys [2007-9-26 3196416]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2009-7-20 8576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity64.sys [2010-7-10 29752]
S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2007-2-13 15360]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-10-12 89920]
S4 KR10I64;KR10I64;c:\windows\system32\drivers\KR10I64.sys [2008-2-15 248320]
S4 KR10N64;KR10N64;c:\windows\system32\drivers\KR10N64.sys [2008-2-15 237568]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\viewpoint\common\ViewpointService.exe [2008-6-30 24652]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-07-10 17:17:35 20 ----a-w- c:\users\ken\defogger_reenable
2010-07-10 16:54:24 29752 ----a-w- c:\windows\system32\drivers\rspSanity64.sys
2010-07-10 16:54:23 0 d-----w- c:\program files\SanityCheck
2010-06-23 07:02:07 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-06-23 07:02:07 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-06-23 07:02:07 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 07:02:07 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 07:02:07 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 07:02:07 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-06-23 07:02:07 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-06-23 07:02:07 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 07:02:07 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-06-23 07:02:07 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 02:55:33 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2010-06-23 02:55:33 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 02:55:33 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 02:55:33 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll

==================== Find3M ====================

2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-04 06:56:19 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 06:51:49 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 06:51:48 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-04 05:59:11 1209344 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-04 05:58:07 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-05-04 05:56:49 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-04 05:56:28 5950976 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-04 05:56:25 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-05-04 05:56:25 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-04 05:55:56 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-05-04 05:55:42 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2010-05-04 05:55:42 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-05-04 05:55:41 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-05-04 05:55:41 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-05-04 05:55:41 11076096 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-04 05:55:37 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-04 05:01:59 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-04 04:31:05 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-05-04 04:30:58 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-05-04 04:30:19 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-05-01 14:39:56 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:33:28 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-23 14:13:55 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-03-21 17:10:07 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-21 17:10:07 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-21 17:10:06 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-19 05:06:36 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-27 02:09:52 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-03-12 00:05:43 6 --sh--r- c:\windows\system32\drivers\taishop.sys
2009-10-16 02:34:42 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-06-30 19:27:03 13 --sh--r- c:\windows\syswow64\drivers\fbd.sys

============= FINISH: 13:20:53.05 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 13 July 2010 - 04:09 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
  1. Do not run any other tool untill instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1.logs from DDS
      2.RKUnHooker
      3.let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 dienophile

dienophile
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 14 July 2010 - 07:19 PM

Hi Gringo, thank you SO much for your help! I truly appreciate it! Now for what you requested...

I attempted to go through the steps that you posted. I will post the contents of both logs here. However, I tried to run RKUnHooker and I could not open it; this is the error that it gave me verbatim "Error loading driver, NTSTATUS code 0xC000036B". I tried it a few times but I could not run it.

What should I do after this?

Here are the contents of the logs, DDS first and then attach:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Ken at 20:11:24.55 on Wed 07/14/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1657 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\oodag.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\My Book\WD Backup\uBBMonitor.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\SysWOW64\WDBtnMgr.exe
C:\Program Files (x86)\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Users\Ken\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\conime.exe
C:\Users\Ken\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - No File
TB: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\ken\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files (x86)\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeUpdater] "c:\program files (x86)\common files\adobe\updater5\AdobeUpdater.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [NDSTray.exe] NDSTray.exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [WD Spindown Utility] "c:\program files (x86)\western digital technologies\spindown\ExSpinDn.exe"
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\ken\appdata\roaming\micros~1\windows\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\wdback~1.lnk - c:\program files (x86)\my book\wd backup\uBBMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files (x86)\opanda\iexif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files (x86)\opanda\iexif 2.3\IExifCom.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
TB-X64: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\ken\appdata\roaming\mozilla\firefox\profiles\l6vd2bd1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.merlinmann.com/rightnow/|http://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files (x86)\tabletplugins\npwacom.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\ken\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\ken\appdata\roaming\mozilla\firefox\profiles\l6vd2bd1.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071304000006.dll
FF - plugin: c:\users\ken\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2008-10-8 53488]
R0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\drivers\tos_sps64.sys [2008-3-14 531968]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-11-5 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2009-11-5 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-5 74880]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-3-20 5556520]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 175104]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-3-20 127784]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-15 8704]
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw4v64.sys [2007-9-26 3196416]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2009-7-20 8576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity64.sys [2010-7-10 29752]
S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2007-2-13 15360]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-10-12 89920]
S4 KR10I64;KR10I64;c:\windows\system32\drivers\KR10I64.sys [2008-2-15 248320]
S4 KR10N64;KR10N64;c:\windows\system32\drivers\KR10N64.sys [2008-2-15 237568]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\viewpoint\common\ViewpointService.exe [2008-6-30 24652]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-07-10 17:17:35 20 ----a-w- c:\users\ken\defogger_reenable
2010-07-10 16:54:24 29752 ----a-w- c:\windows\system32\drivers\rspSanity64.sys
2010-07-10 16:54:23 0 d-----w- c:\program files\SanityCheck
2010-06-23 07:02:07 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-06-23 07:02:07 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-06-23 07:02:07 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 07:02:07 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 07:02:07 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 07:02:07 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-06-23 07:02:07 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-06-23 07:02:07 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 07:02:07 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-06-23 07:02:07 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 02:55:33 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2010-06-23 02:55:33 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 02:55:33 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 02:55:33 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll

==================== Find3M ====================

2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-04 06:56:19 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 06:51:49 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 06:51:48 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-04 05:59:11 1209344 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-04 05:58:07 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-05-04 05:56:49 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-04 05:56:28 5950976 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-04 05:56:25 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-05-04 05:56:25 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-04 05:55:56 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-05-04 05:55:42 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2010-05-04 05:55:42 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-05-04 05:55:41 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-05-04 05:55:41 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-05-04 05:55:41 11076096 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-04 05:55:37 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-04 05:01:59 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-04 04:31:05 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-05-04 04:30:58 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-05-04 04:30:19 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-05-01 14:39:56 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:33:28 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-23 14:13:55 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-03-21 17:10:07 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-21 17:10:07 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-21 17:10:06 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-19 05:06:36 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-27 02:09:52 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-03-12 00:05:43 6 --sh--r- c:\windows\system32\drivers\taishop.sys
2009-10-16 02:34:42 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-06-30 19:27:03 13 --sh--r- c:\windows\syswow64\drivers\fbd.sys

============= FINISH: 20:11:56.56 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/14/2008 9:06:37 PM
System Uptime: 7/13/2010 9:19:40 AM (35 hours ago)

Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel® Core™2 Duo CPU T8100 @ 2.10GHz | CPU | 2101/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 185 GiB total, 66.607 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 26.385 GiB free.
E: is CDROM ()
G: is FIXED (FAT32) - 931 GiB total, 170.693 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP785: 6/16/2010 12:36:28 AM - Scheduled Checkpoint
RP786: 6/19/2010 2:01:49 PM - Scheduled Checkpoint
RP787: 6/20/2010 2:44:09 PM - Scheduled Checkpoint
RP788: 6/20/2010 7:00:14 PM - Windows Backup
RP789: 6/22/2010 11:19:40 PM - Scheduled Checkpoint
RP790: 6/23/2010 3:00:27 AM - Windows Update
RP791: 6/24/2010 9:41:00 PM - Scheduled Checkpoint
RP792: 6/25/2010 3:00:31 AM - Windows Update
RP793: 6/25/2010 11:02:25 PM - Scheduled Checkpoint
RP794: 6/27/2010 12:00:07 AM - Scheduled Checkpoint
RP795: 6/27/2010 7:00:13 PM - Windows Backup
RP796: 6/28/2010 10:13:44 PM - Scheduled Checkpoint
RP797: 6/29/2010 9:29:45 PM - Scheduled Checkpoint
RP798: 7/1/2010 10:30:21 PM - Scheduled Checkpoint
RP799: 7/3/2010 12:00:07 AM - Scheduled Checkpoint
RP800: 7/4/2010 9:05:12 PM - Scheduled Checkpoint
RP801: 7/5/2010 4:05:00 PM - Windows Backup
RP802: 7/7/2010 10:36:44 PM - Scheduled Checkpoint
RP803: 7/10/2010 3:51:07 PM - Scheduled Checkpoint
RP804: 7/11/2010 7:00:13 PM - Windows Backup
RP805: 7/14/2010 3:00:31 AM - Windows Update

==== Installed Programs ======================

µTorrent
2007 Microsoft Office system
ACD/Labs Software in C:\Program Files (x86)\ACDFREE12\
Activation Assistant for the 2007 Microsoft Office suites
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Amazon MP3 Downloader 1.0.5
Apple Application Support
Apple Software Update
Audacity 1.2.6
Auto Gordian Knot 2.55
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Bear Access Fall 2008
Bonjour Core for Windows
BufferChm
C4100
c4100_Help
Camera Assistant Software for Toshiba
Camera Control Pro 2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CD/DVD Drive Acoustic Silencer
Combined Community Codec Pack 2008-01-24
Copy
CoreAVC Professional Edition (remove only)
CustomerResearchQFolder
CyberLink PowerCinema for TOSHIBA
DC++ 0.750
Destinations
DeviceManagementQFolder
DJ_AIO_03_F4200_Software_Min
DocProc
DocProcQFolder
DVD MovieFactory for TOSHIBA
DVD Shrink 3.2
Enblend/Enfuse cvs080226 built by Yuv
eSupportQFolder
FairUse Wizard 2
Fax
FLV Player 2.0 (build 25)
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Goombah Partner COM Server
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential
HP Update
HPProductAssistant
HPSSupply
InFlac 1.1.1
Java Platform, Enterprise Edition 5 SDK
Java™ 6 Update 14
Java™ 6 Update 3
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 14
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.19)
Mozilla Thunderbird (2.0.0.14)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
Notepad++
Opanda IExif 2.3
OpenOffice.org Installer 1.0
Pando Media Booster
PDF Settings
Pen Tablet
Photomatix Pro version 3.1.3
PhotoME Beta-Release
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SigmaPlot 11.0
Skins
Skype Toolbars
Skype™ 4.2
SolutionCenter
Spyder2PRO
Status
Steam
Team Fortress 2
Toolbox
Toshiba Assist
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
TweakNow PowerPack 2010
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2202131)
VideoLAN VLC media player 0.8.6i
Videora iPod Converter 5.03
Viewpoint Media Player
VOB2MPG v3
VobSub v2.23 (Remove Only)
WD Backup
WD Diagnostics
WD Spindown or Stop Utility for External Drive, v1.00
WebReg
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
Wolfram Notebook Indexer 2.0
XviD MPEG4 Video Codec (remove only)

==== Event Viewer Messages From Past Week ========

7/9/2010 9:54:20 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001E333D8623. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
7/14/2010 3:03:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/14/2010 3:03:29 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/14/2010 3:02:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/10/2010 9:33:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
7/10/2010 9:33:28 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2010 9:33:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/10/2010 9:32:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/10/2010 9:32:29 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
7/10/2010 9:32:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/10/2010 2:19:18 PM, Error: Application Popup [1060] - \??\C:\Windows\System32\drivers\VCdRom.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/10/2010 12:45:04 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2010 12:44:44 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
7/10/2010 12:44:44 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2010 12:44:44 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2010 12:44:44 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2010 12:44:44 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2010 12:44:44 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2010 12:44:44 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2010 12:44:44 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2010 12:44:44 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2010 12:44:44 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2010 12:44:44 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/10/2010 12:44:44 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2010 12:44:44 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2010 12:44:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/10/2010 12:44:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/10/2010 12:44:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

==== End Of File ===========================


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 14 July 2010 - 07:39 PM

Hello

now I see why those scans won't work - this is a 64 bit system

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Vista and Win 7 Users please Right Click and run as Admin all programs that I ask you to run

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. The two logs from OTL
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 dienophile

dienophile
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 14 July 2010 - 09:54 PM

Hello again, Gringo!

I still am not able to use Chrome or IE. Firefox is the only browser that still works so something is still wrong with my computer. sad.gif However, I do not SEE anything else wrong with it, although other things might be.

I did everything in your post and here are the results.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4315

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/14/2010 10:28:39 PM
mbam-log-2010-07-14 (22-28-39).txt

Scan type: Quick scan
Objects scanned: 177962
Time elapsed: 13 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 7/14/2010 10:43:42 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Ken\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 184.84 Gb Total Space | 66.77 Gb Free Space | 36.12% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 26.39 Gb Free Space | 14.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.40 Gb Total Space | 170.69 Gb Free Space | 18.33% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEN-LAPTOP
Current User Name: Ken
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Ken\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ken\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Toshiba\IVP\ISM\pinger.exe ()
PRC - C:\Toshiba\IVP\ISM\Ivpsvmgr.exe (TOSHIBA Corporation)
PRC - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files (x86)\Western Digital Technologies\Spindown\ExSpinDn.exe (Western Digital Technologies, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Ken\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV:64bit: - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV:64bit: - (O&O Defrag) -- C:\Windows\SysNative\oodag.exe (O&O Software GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TNaviSrv) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (rspSanity) -- C:\Windows\SysNative\DRIVERS\rspSanity64.sys (Resplendence Software Projects Sp.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\Windows\SysNative\DRIVERS\AegisP.sys (Cisco Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETw4v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys (Intel Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (Spyder2) -- C:\Windows\SysNative\DRIVERS\Spyder2.sys ()
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (KR10N64) -- C:\Windows\SysNative\drivers\kr10n64.sys (TOSHIBA CORPORATION)
DRV:64bit: - (KR10I64) -- C:\Windows\SysNative\drivers\kr10i64.sys (TOSHIBA CORPORATION)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (vcdrom) -- C:\Windows\SysNative\drivers\VCdRom.sys (Microsoft Corporation)
DRV - (vcdrom) -- C:\Windows\SysWOW64\drivers\VCdRom.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1924550830-1380185869-1734337018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-1924550830-1380185869-1734337018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-1924550830-1380185869-1734337018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1924550830-1380185869-1734337018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1924550830-1380185869-1734337018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1924550830-1380185869-1734337018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.merlinmann.com/rightnow/|http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071304000006
FF - prefs.js..extensions.enabledItems: peraperakun@gmail.com:2.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: ubiquity@labs.mozilla.com:0.1.9
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/15 17:06:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/15 17:06:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2009/09/19 18:11:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2008/06/30 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2010/07/11 11:38:25 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\l6vd2bd1.default\extensions
[2009/12/15 01:44:27 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\l6vd2bd1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/07/03 11:28:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\l6vd2bd1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/08/24 20:47:17 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\l6vd2bd1.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2009/06/20 10:24:07 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\l6vd2bd1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/12/15 01:44:27 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\l6vd2bd1.default\extensions\max@subfighter.com
[2009/05/03 13:51:41 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\l6vd2bd1.default\extensions\moveplayer@movenetworks.com
[2009/12/15 01:44:35 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\l6vd2bd1.default\extensions\peraperakun@gmail.com
[2009/12/15 01:44:33 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\l6vd2bd1.default\extensions\ubiquity@labs.mozilla.com
[2010/07/11 11:38:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/28 10:17:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/08/10 20:37:21 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - No CLSID value found.
O3 - HKU\S-1-5-21-1924550830-1380185869-1734337018-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8087-36EE87E26986} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [WD Button Manager] C:\Windows\SysWow64\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WD Spindown Utility] C:\Program Files (x86)\Western Digital Technologies\Spindown\ExSpinDn.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1924550830-1380185869-1734337018-1000..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1924550830-1380185869-1734337018-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1924550830-1380185869-1734337018-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()
O8:64bit: - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ken\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ken\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0cea334d-99b3-11de-9dda-001e333d8623}\Shell - "" = AutoRun
O33 - MountPoints2\{0cea334d-99b3-11de-9dda-001e333d8623}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0dcebb44-2ab0-11de-b597-001e333d8623}\Shell - "" = AutoRun
O33 - MountPoints2\{0dcebb44-2ab0-11de-b597-001e333d8623}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{26319d3d-2b46-11de-b631-001e333d8623}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{3124b8bc-759b-11de-88fa-001e333d8623}\Shell - "" = AutoRun
O33 - MountPoints2\{3124b8bc-759b-11de-88fa-001e333d8623}\Shell\AutoRun\command - "" = F:\Windows\AutoRun\autorun.exe -- File not found
O33 - MountPoints2\{482487b7-46f5-11dd-b990-001e333d8623}\Shell - "" = AutoRun
O33 - MountPoints2\{482487b7-46f5-11dd-b990-001e333d8623}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{83f87fca-af6a-11de-ada7-001e333d8623}\Shell\AutoRun\command - "" = H:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{847206fe-b643-11dd-b271-001e333d8623}\Shell - "" = AutoRun
O33 - MountPoints2\{847206fe-b643-11dd-b271-001e333d8623}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{86723eb1-0a51-11de-b094-001e333d8623}\Shell - "" = AutoRun
O33 - MountPoints2\{86723eb1-0a51-11de-b094-001e333d8623}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e590a29a-dd12-11de-929c-001e333d8623}\Shell - "" = AutoRun
O33 - MountPoints2\{e590a29a-dd12-11de-929c-001e333d8623}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f4c924d0-6a63-11dd-9154-001e333d8623}\Shell\AutoRun\command - "" = L:\LinksysConnectPC.exe -- File not found
O33 - MountPoints2\{f4c924d5-6a63-11dd-9154-001e333d8623}\Shell - "" = AutoRun
O33 - MountPoints2\{f4c924d5-6a63-11dd-9154-001e333d8623}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/14 22:35:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/14 22:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/07/10 13:26:46 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\gmer
[2010/07/10 12:54:24 | 000,029,752 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\SysNative\drivers\rspSanity64.sys
[2010/07/10 12:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\SanityCheck
[2010/07/10 12:52:10 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/10 00:36:47 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\rayxrbtni
[2010/06/23 03:02:07 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/23 03:02:07 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/23 03:02:07 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/23 03:02:07 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/23 03:02:07 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/23 03:02:07 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/23 03:02:07 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/23 03:02:07 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/22 22:55:33 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/06/22 22:55:33 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/22 22:55:33 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/22 22:55:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/14 22:46:54 | 004,194,304 | -HS- | M] () -- C:\Users\Ken\ntuser.dat
[2010/07/14 22:34:54 | 000,000,914 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/14 22:34:37 | 000,000,734 | ---- | M] () -- C:\Users\Ken\Desktop\NTREGOPT.lnk
[2010/07/14 22:34:36 | 000,000,715 | ---- | M] () -- C:\Users\Ken\Desktop\ERUNT.lnk
[2010/07/14 22:02:59 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BF31626D-CA34-4B1C-BEA4-A1A722F89F6A}.job
[2010/07/14 21:52:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1924550830-1380185869-1734337018-1000UA.job
[2010/07/14 21:38:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/14 21:38:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/14 20:15:13 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/07/14 20:13:13 | 000,133,632 | ---- | M] () -- C:\Users\Ken\Desktop\RKUnhookerLE.EXE
[2010/07/14 20:10:55 | 000,525,824 | ---- | M] () -- C:\Users\Ken\Desktop\dds.scr
[2010/07/14 19:39:47 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1924550830-1380185869-1734337018-1000Core.job
[2010/07/14 19:39:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/10 14:21:23 | 000,000,004 | ---- | M] () -- C:\Users\Ken\tray.pid
[2010/07/10 14:20:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/10 14:19:38 | 4292,829,184 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/10 14:19:33 | 000,112,376 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2010/07/10 14:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\Ken\ntuser.dat{66956971-06d2-11de-aece-001e333d8623}.TMContainer00000000000000000001.regtrans-ms
[2010/07/10 14:17:49 | 000,065,536 | -HS- | M] () -- C:\Users\Ken\ntuser.dat{66956971-06d2-11de-aece-001e333d8623}.TM.blf
[2010/07/10 14:17:47 | 002,402,214 | -H-- | M] () -- C:\Users\Ken\AppData\Local\IconCache.db
[2010/07/10 13:26:13 | 000,284,915 | ---- | M] () -- C:\Users\Ken\Desktop\gmer.zip
[2010/07/10 13:17:36 | 000,000,020 | ---- | M] () -- C:\Users\Ken\defogger_reenable
[2010/07/10 13:01:20 | 000,007,977 | ---- | M] () -- C:\Users\Ken\AppData\Local\Temp42.html
[2010/07/10 12:54:50 | 000,001,293 | ---- | M] () -- C:\Users\Ken\AppData\Local\Temp1.html
[2010/07/10 11:34:15 | 000,001,356 | ---- | M] () -- C:\Users\Ken\AppData\Local\d3d9caps.dat
[2010/07/09 22:00:01 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/09 22:00:01 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/09 22:00:01 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/09 21:57:07 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/07 21:31:44 | 000,207,872 | ---- | M] () -- C:\Users\Ken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/19 12:33:14 | 552,015,325 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/14 22:34:54 | 000,000,914 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/14 22:34:37 | 000,000,734 | ---- | C] () -- C:\Users\Ken\Desktop\NTREGOPT.lnk
[2010/07/14 22:34:36 | 000,000,715 | ---- | C] () -- C:\Users\Ken\Desktop\ERUNT.lnk
[2010/07/14 20:13:18 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/07/14 20:13:13 | 000,133,632 | ---- | C] () -- C:\Users\Ken\Desktop\RKUnhookerLE.EXE
[2010/07/14 20:10:53 | 000,525,824 | ---- | C] () -- C:\Users\Ken\Desktop\dds.scr
[2010/07/10 13:26:10 | 000,284,915 | ---- | C] () -- C:\Users\Ken\Desktop\gmer.zip
[2010/07/10 13:17:35 | 000,000,020 | ---- | C] () -- C:\Users\Ken\defogger_reenable
[2010/07/10 13:01:20 | 000,007,977 | ---- | C] () -- C:\Users\Ken\AppData\Local\Temp42.html
[2010/07/10 12:54:40 | 000,001,293 | ---- | C] () -- C:\Users\Ken\AppData\Local\Temp1.html
[2010/07/10 12:30:41 | 4292,829,184 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/31 22:36:59 | 000,000,000 | ---- | C] () -- C:\Windows\OODCNT.INI
[2009/10/12 01:28:55 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/12 01:28:35 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/12 01:28:24 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\nm6md47.dll
[2009/10/12 01:28:24 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2009/10/12 01:28:24 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2009/10/12 01:28:24 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2009/10/12 01:28:24 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2009/10/12 01:28:24 | 000,000,339 | ---- | C] () -- C:\Windows\SysWow64\rvapw85.dll
[2009/10/12 01:28:24 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2009/10/12 01:28:24 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2009/10/12 01:28:24 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\gtgam4a.dll
[2009/08/29 16:39:59 | 000,001,662 | ---- | C] () -- C:\Windows\ProgramLive.INI
[2009/07/03 20:45:24 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/01/25 17:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/08 19:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008/07/04 13:02:19 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/06/30 15:27:03 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2008/03/14 21:43:44 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2008/03/14 21:43:44 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2008/03/14 21:43:44 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/02/15 07:19:35 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/15 06:19:35 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/02/15 06:19:35 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/02/15 06:19:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/02/15 06:19:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/02/15 06:19:35 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/02/15 06:19:35 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/04 05:22:16 | 000,245,760 | R--- | C] () -- C:\Windows\SysWow64\setupsup.dll
[2007/12/21 20:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2005/07/23 01:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2001/06/15 12:41:12 | 000,000,601 | ---- | C] () -- C:\Windows\krb5.ini
[1996/03/21 23:32:26 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\DLWBC31.DLL
< End of report >

OTL Extras logfile created on: 7/14/2010 10:43:42 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Ken\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 184.84 Gb Total Space | 66.77 Gb Free Space | 36.12% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 26.39 Gb Free Space | 14.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.40 Gb Total Space | 170.69 Gb Free Space | 18.33% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEN-LAPTOP
Current User Name: Ken
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1924550830-1380185869-1734337018-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 59 D9 B2 42 00 4B CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1924550830-1380185869-1734337018-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11989FDB-BD85-41DB-84A9-A6FC12B23932}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2B35E6D0-7E6E-42DE-8980-2BFFA4550BF9}" = lport=137 | protocol=17 | dir=in | app=system |
"{2C066A8A-6AEB-44CA-8D47-B3DDE9CDFF17}" = rport=139 | protocol=6 | dir=out | app=system |
"{31F80377-6652-4480-BD7A-1F2D1C5F02DB}" = lport=138 | protocol=17 | dir=in | app=system |
"{4255B1AB-FE28-437A-A254-148CF15E3F1E}" = lport=139 | protocol=6 | dir=in | app=system |
"{44E67966-E3CB-4388-B43E-F230BD749C5D}" = rport=138 | protocol=17 | dir=out | app=system |
"{466AC1C2-A131-4E84-ADE3-389D8ECA7CB0}" = lport=445 | protocol=6 | dir=in | app=system |
"{4D0F02BC-2705-40FA-BB5D-2F79943530B6}" = lport=40681 | protocol=17 | dir=in | name=utor1 |
"{8715BD72-7BA9-488B-BFC5-E7B88D364006}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{9B75E635-F685-4DD3-85A9-16CEC1AAE55E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B6CFC3E2-0FFE-4D68-B224-0B5CD096883E}" = rport=137 | protocol=17 | dir=out | app=system |
"{EC11A06C-58B9-421E-A6DC-F623ECEF999F}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060C1A7A-2934-43AB-A0C7-E9C6E18A78C2}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{09C3E62F-A077-4C16-BE1E-ABB09A8ED49A}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{0BA5FE40-8F43-40F9-AF4E-6C00ECA37BE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0D3326C8-AE91-4598-88AD-9EAA70478C4B}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{12C8AAE3-54D9-4FA8-9A26-EEDF24EAE5BF}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{16E73CC6-A652-4893-9D1D-2CB45195B05F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1E44BEDA-C541-48ED-88D9-29F59763ACBE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1F1C2C08-36DE-4B66-BA43-7440F2EDAA0E}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{21AA7E24-E7BF-4FB7-99D2-249C76023861}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe |
"{22662B2B-E844-4FE4-A447-8D94FA70DFBB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{23A177CB-D4AE-45F6-9BBE-9672EE824B13}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{23A59BA3-C7FB-4862-851B-C01434D8033E}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe |
"{2560296F-4F48-41BE-94A8-579CF6403530}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{29798C60-97D1-45EA-B30C-A45A564AF292}" = protocol=6 | dir=in | app=c:\users\ken\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3100C7B0-025C-41B2-9F89-151E9A60E3EB}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
"{3248C1F1-099A-4DA3-8CC4-A2C1611FF84F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{36401BA1-4D59-4D80-BF2A-ACC253DF0BD0}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{3A468136-D017-43CA-827A-29E17C6177EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3C37E6DD-31C1-464A-AFDC-9777E2496EDB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3FCF3D8F-84AE-49A9-B247-CC6FC62BE24E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{42603F5C-0543-49DB-B021-E76E2FE94AC0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{44996CF7-BF27-4674-9F47-8B6B5B30881F}" = protocol=6 | dir=in | app=c:\users\ken\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{47BFEDFD-172E-4AF1-8195-A41DC03DE023}" = protocol=17 | dir=in | app=c:\users\ken\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{48691467-C268-4795-96D3-9BD7A1D6A258}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe |
"{489FD4F4-030C-4391-8AE6-F1E9535E674F}" = protocol=6 | dir=in | app=c:\users\ken\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{511BA134-A93D-4650-9607-8118BBF03492}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{517A1CE1-3563-4399-9DE8-BB3E328079E2}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{51B4DFCB-6EA5-4AF8-8D30-E159C0D3282E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5344E55B-BED3-4DDE-86F6-DACA6744A767}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{57E3EB1E-8B48-4681-8AC7-EAA3C4F53BB8}" = protocol=17 | dir=in | app=c:\users\ken\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{59D518E3-3B48-4EDA-BACD-88CE922F00ED}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5BA9544D-653C-4CA7-AA1C-B3AEB0EE9698}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{609CB663-71F6-4352-AF2A-5E7C9E46953B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{60BF5914-361B-406E-90DD-3247AA6F82B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6C0FF49C-4C2F-418F-A40D-313FAC642FE8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6CEB5A1B-4E30-4667-9B00-03D4EBC8D33B}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe |
"{70F60AC9-2909-44A1-A1F7-6CD775D9B826}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{72795D03-774E-45D0-A7B9-B4B8C4DE0186}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{72DA8F6C-343F-4E3E-A84D-DD24C286E240}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{74BF8FF6-A68E-4924-A079-C778B43EDEEB}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{75AB627C-A76F-4E23-BEDF-C5DE75AE4C3B}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{7645ADEA-C4B6-48D5-87BA-8940C1B1ECD5}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{787E03D8-AC90-44C3-AEE4-C3D11F48421D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{79987DB6-2B91-4429-B784-C1691A1FFA7B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{7F09C0E8-EEFD-4BD8-9009-73D62338BFA2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{82B8BFD8-03A1-4F7D-9444-5F420571E9F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83B16CB9-698D-4B6F-9DA8-7EEDFD8A86D1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8423E1AC-C39F-45EA-A064-F33502976B9F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{85C21815-BD88-4AB9-8A6E-9C4A7CD739D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{86112BB5-429F-4491-8DAC-F4720D84DC9F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8E28F669-84A1-461F-AF06-8C9824EEA851}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8F484F67-0B7F-4B54-9990-9BCD11F7AD45}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97F1F34A-9050-4CBD-A0FE-02AD4CD74FBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9FE8730C-78A8-4A68-B6BB-7F4F8951D586}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"{A2779BA4-C7D7-456B-AACD-BF1618306ED8}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{AB04C976-9E44-4523-9C15-3D3A85711C8D}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B0F89A4B-7901-413D-BB60-3874103763A1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B1257911-0584-4AA0-AEBE-CEB4F5FCDCBB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B38F1B43-DA82-4458-B5ED-9ACD5C267446}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{BA442790-4236-43C5-8DDA-FB02CF683D1C}" = protocol=17 | dir=in | app=c:\users\ken\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BCD867D7-0724-40B3-8D85-9F7A1A73A51E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BF9C23ED-FBFB-499E-9A25-EF57A64204D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C02E7CE8-4F5E-420C-87A0-D5B943A23882}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C1B35F04-F6BD-4562-A848-22CA72E163CA}" = protocol=17 | dir=in | app=c:\users\ken\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C9E84A7D-2778-4C8C-AF98-52DC273681B3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{CA28DE86-03F8-4AF8-B783-DB0A5CDF9F2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CC4C81C7-C677-4967-8A1E-6F6D1CA4E433}" = protocol=6 | dir=in | app=c:\users\ken\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{D1C498D6-63D7-4EE7-B3B9-B4E0293DB6F6}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{D287C1F6-D0A3-4238-AB75-97D2E92495FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D5727F2B-FD49-41D7-A43E-7F80738D7CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{D622C215-370B-410F-846E-8CF5CE448063}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D68A5C17-A01C-40A7-8A28-ECBE4EE4A7A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DC34DBC7-1FD0-428A-8C03-66A69A4C3114}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E0D85636-1A7D-485B-B67E-9FAE6687D186}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe |
"{E108DCA3-A9AB-4CE6-88E9-769DCCB9E8FC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E317A645-5CEC-4AB2-BEEA-639F89CA6C41}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E73966FB-5275-4A87-A5FE-297B034750C3}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe |
"{F605A1FD-22ED-4B20-8D5D-8227C606B21C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FD6D51B3-8823-4486-A240-2E3B63F05ED4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{08C66B30-B09D-451B-AFA9-D63282749C4E}C:\program files (x86)\steam\steamapps\kenk325\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kenk325\team fortress 2\hl2.exe |
"TCP Query User{10C88CC3-A23E-45B9-8B00-675339D74820}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{3EB5C073-1BB4-4403-9603-33B4AE53100B}C:\program files (x86)\microsoft games\midtown madness 2\midtown2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\midtown madness 2\midtown2.exe |
"TCP Query User{42CE0C7C-E6BC-4AA0-B952-D8DD2F91C945}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"TCP Query User{4A96006C-B2A3-4940-9362-A4758B62041D}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{61146CDD-4692-4CC6-972F-D948FBDBB4C9}C:\program files (x86)\ruckus player\ruckus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ruckus player\ruckus.exe |
"TCP Query User{61E8F3B8-B969-4F2B-BFDC-80DC17FADCA0}C:\program files (x86)\ruckus player\ruckus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ruckus player\ruckus.exe |
"TCP Query User{72099920-F822-412A-9175-8EA4E8B06E52}C:\users\ken\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\ken\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{78C7F0AA-A76C-49B3-8BD3-84531E2C517B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{83F47B8E-4F12-4DC9-986A-EF7C9E4890F9}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{9EC219FD-752B-44A1-BB73-91E315C982FE}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{AE29538C-C8AF-4C90-9CDF-658AEFD636DF}C:\program files (x86)\steam\steamapps\kenk325\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kenk325\team fortress 2\hl2.exe |
"TCP Query User{BC32B9A9-3B8F-4472-8BF8-9373DEF1C60C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{C1F0AFCE-1B6B-46C6-A371-B52F5D63F7BA}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{CEFD8532-14AA-4E5B-95B3-E83F9CCDE917}C:\program files (x86)\valvesoftware\the orange box\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valvesoftware\the orange box\team fortress 2\hl2.exe |
"TCP Query User{ED8CF622-119E-4E9F-AC2C-0F49F90AB374}C:\program files (x86)\java\jdk1.6.0_14\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_14\jre\bin\javaw.exe |
"TCP Query User{FE78989A-716D-41ED-BDA5-1AC8E541CC35}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"UDP Query User{067CFE62-5DC3-47F8-9EC0-DA7D0E0B1507}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{1855E5EC-94EE-4A13-B8F7-2DBF841E4F43}C:\program files (x86)\valvesoftware\the orange box\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valvesoftware\the orange box\team fortress 2\hl2.exe |
"UDP Query User{304A055C-A10B-410A-9FA7-BD85DDBA9AE6}C:\program files (x86)\java\jdk1.6.0_14\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_14\jre\bin\javaw.exe |
"UDP Query User{33BDDA16-D3FA-4880-9FCD-33734EA789FF}C:\program files (x86)\ruckus player\ruckus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ruckus player\ruckus.exe |
"UDP Query User{3F2F9F77-EA46-46AE-972E-FEA653617F12}C:\program files (x86)\steam\steamapps\kenk325\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kenk325\team fortress 2\hl2.exe |
"UDP Query User{415664A1-D1CB-4EC8-A362-3D0D41B9547D}C:\program files (x86)\ruckus player\ruckus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ruckus player\ruckus.exe |
"UDP Query User{42C7EBAA-6B9F-4A35-93DE-C2F0B62E8BC4}C:\users\ken\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\ken\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{62A2F381-E410-4086-8984-E11DEB5FA39F}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{6E0E028E-AD1D-4F64-99BC-42A9026A1354}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"UDP Query User{72AFB770-B64B-45C1-98B2-7A8B1839FBA2}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{92E256E8-06E9-4533-93DC-C80E141DE75D}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{BBD810BF-0D94-4BE9-A5B7-AFB09CF0567C}C:\program files (x86)\microsoft games\midtown madness 2\midtown2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\midtown madness 2\midtown2.exe |
"UDP Query User{C32FEB6F-183A-4B58-A70B-75192224406C}C:\program files (x86)\steam\steamapps\kenk325\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kenk325\team fortress 2\hl2.exe |
"UDP Query User{CAE499E6-A981-4EDE-8E70-6663E9C148EC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{DB06071E-D911-4902-AE3C-7E5A48036113}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{EF0E11F2-63BF-4EEF-9A75-BE07465911DE}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"UDP Query User{F1261EB2-2D9B-472A-97EC-5EDDE732101D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1D0CA3FB-CD50-4F22-85EE-7A9451C9A792}" = iTunes
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{37EA4EB5-2C4D-40CC-9EB1-762F1711ECDE}" = Adobe Photoshop Lightroom 2.2 64-bit
"{39107B20-EA1C-4974-881C-607300BB3C99}" = MobileMe Control Panel
"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64
"{53480360-C6AA-4E73-A4E3-1C4C915E049F}" = O&O Defrag Professional Edition
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6D70F47D-5E18-E51D-6FE4-0CB5DCE0C542}" = ATI Catalyst Install Manager
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9C7AB2D0-7768-4708-B9DA-6C1F44C9833A}" = mCPlug
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A03758F1-AF81-5AA1-0633-47E9699A0CFF}" = ccc-utility64
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{d40af016-506c-43fb-a738-bd54fa8c1e86}" = Python 3.1.2 (64-bit)
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CutePDF Writer Installation" = CutePDF Writer 2.7
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"M-WIN-L 7.0.0 1148351_is1" = Wolfram Mathematica 7 (M-WIN-L 7.0.0 1148351)
"ProInst" = Intel® PROSet/Wireless Software
"SanityCheck_is1" = SanityCheck 2.00
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09527978-C15B-6AF8-5582-C9784F8F3B69}" = Catalyst Control Center Localization Chinese Traditional
"{0A6A6F94-7EFC-2FEA-CC70-FB6A22188F88}" = Catalyst Control Center Localization Swedish
"{0AB16A24-2465-0F1A-C12E-BFAB6F612191}" = Catalyst Control Center Localization Japanese
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0C36CB3D-A859-B0CE-253A-89C27BAB2AA4}" = CCC Help French
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{16E42331-56E6-53BC-428C-6E2020E58025}" = Catalyst Control Center Localization Portuguese
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1D88A6A6-C2C6-3E2F-DDB6-A635090141B0}" = Catalyst Control Center Graphics Full New
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{25F83D04-6D32-5AAD-C057-AEA7B8C746E3}" = Catalyst Control Center Localization Spanish
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java™ SE Development Kit 6 Update 14
"{3573E889-A6BA-DADE-8F70-8B756D0A6573}" = CCC Help German
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FD66338-6A62-96FE-BE27-957F1D5A4C1C}" = CCC Help Italian
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{44AB916C-E8AE-3A81-269A-2A55C4802C7A}" = Catalyst Control Center Graphics Full Existing
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{48284361-3F81-8AD3-0630-72AEDB614936}" = Catalyst Control Center Localization Korean
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{507DB37B-FFE7-429E-FF1B-D46F3BB0FE96}" = Catalyst Control Center Graphics Light
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52053836-9B3B-4223-816E-19B257545CCA}" = VOB2MPG v3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54E1A977-FC97-AAAB-A3C2-CA8ED6545951}" = Catalyst Control Center Localization Italian
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74D7540C-9E12-A710-00CF-D8F4DC7465F4}" = CCC Help Chinese Traditional
"{77026E35-0C18-4F04-BF9A-C7DDDC34CAFB}" = Bear Access Fall 2008
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80B0B1FC-41C9-D8B9-D183-D31218875F73}" = CCC Help Swedish
"{86BBFA80-9ED0-793A-0A10-6CB37BF6409C}" = CCC Help Portuguese
"{8750318B-6559-BD76-E8C5-1DE2C8CA961A}" = CCC Help Korean
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91B067A5-89C8-3C29-57EE-597034D56D42}" = Catalyst Control Center Core Implementation
"{9317BC0B-8869-8D99-41F3-DE4ECE37A8A4}" = CCC Help Chinese Standard
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9607BEEE-ED89-FE20-C992-AF3DC46EBEB5}" = Catalyst Control Center Localization German
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D32CC0B-4B40-F54A-AAF1-39E9173500AD}" = CCC Help Japanese
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A98321B3-98EE-4BB3-B55A-C6DFD3A47933}" = CCC Help English
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AF8B7B36-0427-22DD-8005-07869A67CE20}" = ccc-core-static
"{B1A88375-BAB9-4081-B58F-A137FC6ED2A4}" = SigmaPlot 11.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE6F412F-C276-4FD8-B3E1-F996CC172776}" = WD Spindown or Stop Utility for External Drive, v1.00
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BFB7485D-A200-33CA-A2E1-E1600CA76484}" = Google Talk Plugin
"{C19D5636-D868-57D1-A36E-EF1056E9813C}" = Catalyst Control Center Localization Chinese Standard
"{C260343B-6282-42A2-939F-1FF7E503F608}" = Wolfram Notebook Indexer 2.0
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB685FA8-9C7A-73F5-3BBF-38B8F63A1C48}" = Catalyst Control Center Graphics Previews Vista
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D580C9A6-3240-721A-19F0-E4C8A1F400DA}" = CCC Help Dutch
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DECF4937-8E72-5723-E82E-74A566F73197}" = Catalyst Control Center Localization French
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFD48405-94CC-71B6-A915-5B0121C6C7E3}" = Catalyst Control Center Localization Dutch
"{F041BEBB-2E74-01BC-7DAB-CF352809FE79}" = CCC Help Spanish
"{F06B8809-3C26-E6A0-3D80-084331666B73}" = Skins
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FE96C49B-DB90-405E-A00E-09E38372F880}" = Camera Control Pro 2
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"ACDLabs in C__Program_Files_(x86)_ACDFREE12_" = ACD/Labs Software in C:\Program Files (x86)\ACDFREE12\
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.55
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DC++" = DC++ 0.750
"DVD Shrink_is1" = DVD Shrink 3.2
"Enblend_alpha_builds_is1" = Enblend/Enfuse cvs080226 built by Yuv
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FairUse Wizard 2" = FairUse Wizard 2
"FLV Player" = FLV Player 2.0 (build 25)
"HaaliMkx" = Haali Media Splitter
"InFlac" = InFlac 1.1.1
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Mozilla Thunderbird (2.0.0.14)" = Mozilla Thunderbird (2.0.0.14)
"Notepad++" = Notepad++
"Opanda IExif_is1" = Opanda IExif 2.3
"Pen Tablet Driver" = Pen Tablet
"PhotomatixPro3_is1" = Photomatix Pro version 3.1.3
"PhotoME Beta-Release_is1" = PhotoME Beta-Release
"PROHYBRIDR" = 2007 Microsoft Office system
"Spyder2PRO" = Spyder2PRO
"Steam App 440" = Team Fortress 2
"TweakNow PowerPack 2010_is1" = TweakNow PowerPack 2010
"Videora iPod Converter" = Videora iPod Converter 5.03
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6i
"VobSub" = VobSub v2.23 (Remove Only)
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1924550830-1380185869-1734337018-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2010 12:55:39 PM | Computer Name = Ken-Laptop | Source = Application Hang | ID = 1002
Description = The program EXCEL.EXE version 12.0.6524.5003 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1ad0 Start Time: 01caf44f0d169d20 Termination Time: 23

Error - 5/15/2010 12:56:52 PM | Computer Name = Ken-Laptop | Source = Application Error | ID = 1000
Description = Faulting application Spw.exe, version 11.0.0.77, time stamp 0x48086bcd,
faulting module SPWzds.dll, version 6.0.6002.18005, time stamp 0x49e03824, exception
code 0xc0000135, fault offset 0x0006f04e, process id 0xc88, application start time
0x01caf44f9bba6c00.

Error - 5/15/2010 1:08:39 PM | Computer Name = Ken-Laptop | Source = Application Hang | ID = 1002
Description = The program Spw.exe version 11.0.0.77 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 217c Start Time: 01caf450441888a0 Termination Time: 29

Error - 5/15/2010 1:10:13 PM | Computer Name = Ken-Laptop | Source = Application Hang | ID = 1002
Description = The program Spw.exe version 11.0.0.77 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 182c Start Time: 01caf45146b78100 Termination Time: 24

Error - 5/15/2010 1:12:01 PM | Computer Name = Ken-Laptop | Source = Application Hang | ID = 1002
Description = The program Spw.exe version 11.0.0.77 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1b84 Start Time: 01caf4517cef8240 Termination Time: 45

Error - 5/15/2010 2:38:51 PM | Computer Name = Ken-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 5/15/2010 2:38:51 PM | Computer Name = Ken-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 5/15/2010 5:38:07 PM | Computer Name = Ken-Laptop | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE version 6.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 16a8 Start Time: 01caf476ccad7b00 Termination Time: 8

Error - 5/15/2010 5:46:02 PM | Computer Name = Ken-Laptop | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE version 6.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: fa8 Start Time: 01caf477fad9e530 Termination Time: 5

Error - 5/15/2010 5:57:35 PM | Computer Name = Ken-Laptop | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE version 6.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 11e8 Start Time: 01caf4799741ea20 Termination Time: 8

[ Media Center Events ]
Error - 1/9/2009 1:00:37 AM | Computer Name = Ken-Laptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 1/9/2009 1:05:37 AM | Computer Name = Ken-Laptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 1/9/2009 1:10:37 AM | Computer Name = Ken-Laptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 1/9/2009 1:15:37 AM | Computer Name = Ken-Laptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 1/9/2009 1:20:37 AM | Computer Name = Ken-Laptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 1/9/2009 1:25:37 AM | Computer Name = Ken-Laptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 1/9/2009 1:30:37 AM | Computer Name = Ken-Laptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 4/30/2009 12:05:38 AM | Computer Name = Ken-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/3/2009 1:29:49 PM | Computer Name = Ken-Laptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/9/2009 1:25:56 PM | Computer Name = Ken-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 7/14/2010 3:02:09 AM | Computer Name = Ken-Laptop | Source = DCOM | ID = 10005
Description =

Error - 7/14/2010 3:02:09 AM | Computer Name = Ken-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 7/14/2010 3:02:09 AM | Computer Name = Ken-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 7/14/2010 3:02:09 AM | Computer Name = Ken-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 7/14/2010 3:02:09 AM | Computer Name = Ken-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 7/14/2010 3:03:29 AM | Computer Name = Ken-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 7/14/2010 3:03:29 AM | Computer Name = Ken-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 7/14/2010 8:13:18 PM | Computer Name = Ken-Laptop | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 7/14/2010 8:13:28 PM | Computer Name = Ken-Laptop | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 7/14/2010 8:15:13 PM | Computer Name = Ken-Laptop | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.


< End of report >





#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 17 July 2010 - 12:10 AM

Run OTL Script

We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    CODE
    :OTL
    IE - HKU\S-1-5-21-1924550830-1380185869-1734337018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    O3 - HKLM\..\Toolbar: (no name) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - No CLSID value found.
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 dienophile

dienophile
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 17 July 2010 - 10:11 AM

Hi Gringo,

I tried to run the code that you put in the box. However, OTL doesn't seem to run the last 3 lines when I click "Run Fix." Those last 3 lines are still left so I click "Run Fix" again. After that, I can click OK, and this report comes up after I restart my computer.

All processes killed
Error: Unable to interpret <[EMPTYTEMP]> in the current context!
Error: Unable to interpret <[EMPTYFLASH]> in the current context!
Error: Unable to interpret <[RESETHOSTS]> in the current context!

OTL by OldTimer - Version 3.2.9.0 log created on 07172010_110243

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

EDIT: It looks like I didn't wait for the fix to finish running. I will run it again and be patient this time.

Edited by dienophile, 17 July 2010 - 10:16 AM.


#8 dienophile

dienophile
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 17 July 2010 - 10:29 AM

Hello again, Gringo.

I rebotted and all my problems seem to be solved. Thanks so much!

This is the log produced after rebooting:


All processes killed
========== OTL ==========
HKU\S-1-5-21-1924550830-1380185869-1734337018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A1FB2F9A-D35E-11DD-8935-E46A56D89593} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ken
->Temp folder emptied: 2323461659 bytes
->Temporary Internet Files folder emptied: 133171580 bytes
->Java cache emptied: 63589533 bytes
->FireFox cache emptied: 42464719 bytes
->Google Chrome cache emptied: 380185572 bytes
->Flash cache emptied: 281199 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52255459 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2706903439 bytes

Total Files Cleaned = 5,438.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Ken
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.0 log created on 07172010_110815

Files\Folders moved on Reboot...
File\Folder C:\Users\Ken\AppData\Local\Temp\etilqs_arAubaIWu2ACdke5ceOc not found!
File\Folder C:\Users\Ken\AppData\Local\Temp\etilqs_arAubaIWu2ACdke5ceOc-journal not found!
File\Folder C:\Users\Ken\AppData\Local\Temp\etilqs_PpaB2tyRuhPRnkfO2C1v not found!
C:\Users\Ken\AppData\Local\Mozilla\Firefox\Profiles\l6vd2bd1.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Ken\AppData\Local\Mozilla\Firefox\Profiles\l6vd2bd1.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Ken\AppData\Local\Mozilla\Firefox\Profiles\l6vd2bd1.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Ken\AppData\Local\Mozilla\Firefox\Profiles\l6vd2bd1.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Ken\AppData\Local\Mozilla\Firefox\Profiles\l6vd2bd1.default\urlclassifier3.sqlite moved successfully.
C:\Users\Ken\AppData\Local\Mozilla\Firefox\Profiles\l6vd2bd1.default\XUL.mfl moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 17 July 2010 - 02:10 PM

Hello

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    Java™ 6 Update 3
    Java™ 6 Update 7
    Java™ SE Development Kit 6 Update 14


    and click on remove


Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go Eset web page to run an online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic


"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 dienophile

dienophile
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 18 July 2010 - 09:09 AM

Hi Gringo,

My computer is working fine, but ESET seems to have found something on my external hard drive.

Here are the logs from MBAM and ESET:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4322

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/18/2010 12:27:01 AM
mbam-log-2010-07-18 (00-27-01).txt

Scan type: Quick scan
Objects scanned: 137297
Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b11f6adfc6e5ad4e870bd58db0e24fd6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-18 02:02:30
# local_time=2010-07-18 10:02:30 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 0 53375133 0 0
# compatibility_mode=5892 16776574 100 56 63652906 116027675 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=355188
# found=4
# cleaned=0
# scan_time=32781
G:\KEN-LAPTOP\Backup Set 2009-05-27 105423\Backup Files 2009-08-30 190008\Backup files 8.zip multiple threats 00000000000000000000000000000000 I
G:\KEN-LAPTOP\Backup Set 2009-05-27 105423\Backup Files 2010-03-21 190009\Backup files 11.zip multiple threats 00000000000000000000000000000000 I
G:\KEN-LAPTOP\Backup Set 2009-05-27 105423\Backup Files 2010-07-11 190009\Backup files 1.zip a variant of Win32/Skintrim.CC trojan 00000000000000000000000000000000 I
G:\KEN-LAPTOP\Backup Set 2009-05-27 105423\Backup Files 2010-07-11 190009\Backup files 2.zip a variant of Win32/TrojanDownloader.Unruy.CC trojan 00000000000000000000000000000000 I


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 18 July 2010 - 01:24 PM

Hello

they are in your backups you need to take note of the dates

Very well done!! This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point.

:DeFogger:
    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files

:Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

:Make Firefox more secure:

:Turn On Automatic Updates:
    Turn On Automatic Updates
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and useing often.

please read this great article by miekiemoes How to prevent Malware:
and
this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here:

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 dienophile

dienophile
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 19 July 2010 - 06:51 PM

Hi Gringo,

I do not see any more problems on my computer. Thank you so much for your help!

I ran OTC but it did not delete some of the stuff I installed during this fix, like gmer, TFC, and RKUnHook, so I just deleted them manually. I have not experienced any problems since.

I followed the instructions for the system restore points and I already had Malware Bytes and had automatic updates enabled.

Thank you again!

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 19 July 2010 - 06:58 PM

You are very welcome


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 22 July 2010 - 06:17 AM

Since the issue is resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users