Search Redirects


  • This topic is locked
18 replies to this topic

#1 linknc

  • Members
  • 9 posts

Posted 06 November 2010 - 10:10 PM

Hello all,

I would greatly appreciate any help. Any time I use Google, etc., on Firefox or IE, when I click on a search result it can redirect to other websites like scour.com, etc. I have used Malwarebytes, Hitman Pro, SUPERAntiSpyware, CCleaner, etc., trying to fix it, but absolutely no luck.

I followed the directions of the other thread to gather info and post. Below is the result of the DDS scan, and the attach.txt is included. However, I used gmer.exe, but it had a lot of the options greyed out and I could not select them for the scan. It only allowed scans of registry, files, services, and ADS, and after that scan it did not find anything.

Also, this is on a Windows 7 x64 system.



DDS (Ver_10-11-05.01) - NTFS_AMD64
Run by Charis at 22:25:23.92 on Sat 11/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4059.1325 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\SysWOW64\WebUpdateSvc4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\windows\Explorer.EXE
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE
C:\windows\splwow64.exe
C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\taskhost.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Eye-Fi\Eye-Fi Manager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng_D.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Charis\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: TFPUPWDBankBHO Class: {030ac7b6-e7ec-40f1-8fb2-c0fd344de0b9} - C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [MyTOSHIBA] "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Charis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/66.12/uploader2.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {E355C2FC-7EB5-4BBB-B6D3-EAFC6B2ED579} = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start
mRun-x64: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Charis\AppData\Roaming\Mozilla\Firefox\Profiles\dpvrxs6j.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
FF - component: C:\Users\Charis\AppData\Roaming\Mozilla\Firefox\Profiles\dpvrxs6j.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Charis\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Charis\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\Charis\AppData\Roaming\Mozilla\Firefox\Profiles\dpvrxs6j.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Users\Charis\AppData\Roaming\Mozilla\Firefox\Profiles\dpvrxs6j.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: C:\Users\Charis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Charis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-11-5 482384]
R1 PMCF;PMCF;C:\Windows\System32\drivers\PMCF.sys [2009-11-5 16448]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2009-8-4 2688248]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-7-29 168544]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-8-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2009-11-5 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2009-11-5 81408]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2009-11-5 55808]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2007-10-10 237784]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-8-4 734720]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2009-11-5 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-4 346144]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-2-24 1093152]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-11-5 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-9-17 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-15 135664]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-2 1255736]
S4 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2009-11-24 78104]

=============== Created Last 30 ================

2010-11-05 12:27:53 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{BACAD8F4-CBCA-409F-A0EC-118413E421D6}\mpengine.dll
2010-11-03 17:40:48 -------- d-----w- C:\Users\Charis\AppData\Roaming\QuickScan
2010-11-03 13:54:00 -------- d-----w- C:\Users\Charis\AppData\Roaming\SUPERAntiSpyware.com
2010-11-03 13:54:00 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-11-03 13:53:55 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-11-03 13:53:50 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-11-03 04:45:27 -------- d-----w- C:\Program Files\CCleaner
2010-11-03 04:27:56 12872 ----a-w- C:\windows\System32\bootdelete.exe
2010-11-03 03:48:18 19528 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys
2010-11-03 03:48:17 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2010-11-03 03:47:51 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-11-03 03:39:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-10-31 12:51:15 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2010-10-28 20:41:37 716800 ----atw- C:\windows\System32\PSRF0CA8.DLL
2010-10-28 20:41:36 82432 ----a-w- C:\windows\SysWow64\msxml4r.dll
2010-10-28 20:41:34 -------- d-----w- C:\Program Files (x86)\PharosSystems
2010-10-28 20:41:31 -------- d-----w- C:\Program Files (x86)\Pharos
2010-10-27 08:37:39 961024 ----a-w- C:\windows\System32\CPFilters.dll
2010-10-27 08:37:39 641536 ----a-w- C:\windows\SysWow64\CPFilters.dll
2010-10-27 08:37:39 552960 ----a-w- C:\windows\System32\msdri.dll
2010-10-27 08:37:38 288256 ----a-w- C:\windows\System32\MSNP.ax
2010-10-27 08:37:38 258560 ----a-w- C:\windows\System32\mpg2splt.ax
2010-10-27 08:37:38 204288 ----a-w- C:\windows\SysWow64\MSNP.ax
2010-10-27 08:37:38 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax
2010-10-27 08:37:26 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2010-10-27 02:17:12 -------- d-----w- C:\Users\Charis\AppData\Roaming\Malwarebytes
2010-10-27 02:17:03 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-27 02:17:00 24664 ----a-w- C:\windows\System32\drivers\mbam.sys
2010-10-26 01:52:44 -------- d-----w- C:\Program Files (x86)\LexisNexis
2010-10-26 01:52:25 -------- d-----w- C:\Program Files (x86)\Common Files\Lexis for Microsoft Office
2010-10-26 01:49:41 -------- d-----w- C:\Users\Charis\AppData\Local\Downloaded Installations
2010-10-24 23:55:01 53248 ----a-r- C:\Users\Charis\AppData\Roaming\Microsoft\Installer\{23C12370-3A82-4558-B727-F345B473AD87}\ARPPRODUCTICON.exe
2010-10-24 17:14:46 -------- d-----w- C:\windows\en
2010-10-24 17:12:04 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
2010-10-24 17:12:04 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
2010-10-24 17:12:03 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2010-10-24 17:12:03 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2010-10-24 16:47:20 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1dca5af71cb739b2e\InstallManager_WLE_WLE.exe
2010-10-24 16:46:46 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bc842461cb739b22\MeshBetaRemover.exe
2010-10-24 16:46:18 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fa75a6081cb739a1a\DSETUP.dll
2010-10-24 16:46:18 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fa75a6081cb739a1a\DXSETUP.exe
2010-10-24 16:46:18 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fa75a6081cb739a1a\dsetup32.dll
2010-10-24 16:46:16 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f91155e01cb739a19\DSETUP.dll
2010-10-24 16:46:16 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f91155e01cb739a19\DXSETUP.exe
2010-10-24 16:46:16 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f91155e01cb739a19\dsetup32.dll
2010-10-24 16:45:12 -------- d-----w- C:\Users\Charis\AppData\Local\Windows Live
2010-10-24 16:44:23 257024 ----a-w- C:\windows\System32\mfreadwrite.dll
2010-10-24 16:44:23 206848 ----a-w- C:\windows\System32\mfps.dll
2010-10-24 16:44:21 196608 ----a-w- C:\windows\SysWow64\mfreadwrite.dll
2010-10-24 16:44:21 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL
2010-10-24 16:44:21 1619456 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2010-10-24 16:44:20 4068864 ----a-w- C:\windows\System32\mf.dll
2010-10-24 16:44:19 3181568 ----a-w- C:\windows\SysWow64\mf.dll
2010-10-13 22:34:14 9728 ----a-w- C:\windows\SysWow64\sscore.dll
2010-10-13 22:34:14 463360 ----a-w- C:\windows\System32\drivers\srv.sys
2010-10-13 22:34:14 402944 ----a-w- C:\windows\System32\drivers\srv2.sys
2010-10-13 22:34:14 236032 ----a-w- C:\windows\System32\srvsvc.dll
2010-10-13 22:34:14 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2010-10-13 22:34:13 3123712 ----a-w- C:\windows\System32\win32k.sys

==================== Find3M ====================

2010-10-19 15:41:44 270720 ------w- C:\windows\System32\MpSigStub.exe
2010-09-23 04:32:56 301936 ----a-w- C:\windows\WLXPGSS.SCR
2010-09-21 18:49:02 252800 ----a-w- C:\windows\System32\LIVESSP.DLL
2010-09-21 18:03:14 208768 ----a-w- C:\windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35:44 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2010-08-31 04:32:30 954752 ----a-w- C:\windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\windows\SysWow64\mfc40u.dll
2010-08-26 05:27:28 148992 ----a-w- C:\windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\windows\SysWow64\comctl32.dll

============= FINISH: 22:26:43.21 ===============

Hello all, still having trouble, even uninstalled Firefox and re-installed. Ran CCleaner again to clear any temp files. Seems to be OK for about a day, then it returns to redirecting.

EDIT: Posts merged ~BP



Edited by Budapest, 09 November 2010 - 04:17 PM.



#2 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,113 posts
  • Gender:Female
  • Location:Romania

Posted 14 November 2010 - 07:10 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note: it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft
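The OTL Quick Scan output requested above is line-oriented and regular (DRV/SRV, O1, O4, O17 and IE entries), and for a search-redirect complaint the lines a helper reads first are the ones that control name resolution and browser traffic: statically configured DNS servers, an enabled WinINet proxy, a hosts file that is no longer the stock size, and autostart entries or drivers that carry no company name or point at a file that is gone. The script below is an added example, not part of this thread, of BleepingComputer's procedure or of OTL itself. It parses a constructed sample of such lines (modelled on the OTL format; the entries, user SIDs, paths and DNS addresses are invented) and returns a review queue. The rule names, the regular expressions and the assumed 824-byte size of an unmodified Windows 7 hosts file are the example's own.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of OTL "Quick Scan" lines, modelled on the OTL log format
# (assumption: invented entries, not taken from any real machine).
SAMPLE_LOG = r"""========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/11/10 00:06:57 | 000,019,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2010/07/29 12:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/07/28 13:10:44 | 000,016,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PMCF.sys -- (PMCF)
========== Internet Explorer ==========
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-111\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-111\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-111..\Run: [updater] C:\Users\user\AppData\Local\Temp\svchost.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABCD}: NameServer = 198.51.100.53 198.51.100.54
"""

# One pattern per OTL line type this triage cares about.
DRV_RE = re.compile(r"^(?:DRV|SRV)(?::64bit:)? - \[[^\]]*\] \((?P<company>[^)]*)\) \[[^\]]*\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)$")
RUN_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^)]*)\)$")
PROXY_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<setting>ProxyEnable|ProxyServer)" = (?P<value>.+)$')
HOSTS_RE = re.compile(r"^O1 HOSTS File: \(\[[^|]*\| (?P<size>[\d,]+) \|")
DNS_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<kind>Dhcp)?NameServer = (?P<servers>.+)$")
DEFAULT_HOSTS_BYTES = 824  # assumption: size of an unmodified Windows 7 hosts file

Finding = Tuple[str, str]  # (rule name, detail to review)


def triage(log_text: str) -> List[Finding]:
    """Pull out the OTL entries that can redirect traffic or that hide their origin."""
    findings: List[Finding] = []
    dhcp_dns: Set[str] = set()
    static_dns: List[Tuple[str, List[str]]] = []
    proxy_on: Set[str] = set()
    proxy_server: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=========="):
            continue
        if m := DRV_RE.match(line):  # driver/service image with no company name
            if not m["company"].strip():
                findings.append(("driver-without-company-name", f"{m['name']} -> {m['path']}"))
        elif m := RUN_RE.match(line):  # autostart entries
            rest = m["rest"]
            if not m["name"]:
                findings.append(("run-entry-empty-name", f"{m['hive']}\\Run: {rest}"))
            elif rest.endswith("File not found"):
                findings.append(("run-entry-missing-file", f"[{m['name']}] {rest}"))
            elif t := TARGET_RE.match(rest):
                if "\\temp\\" in t["path"].lower():
                    findings.append(("run-entry-in-temp", t["path"]))
                if not t["company"].strip():
                    findings.append(("run-entry-no-company", t["path"]))
        elif m := PROXY_RE.match(line):  # per-user WinINet proxy settings
            if m["setting"] == "ProxyEnable" and m["value"].strip() == "1":
                proxy_on.add(m["key"])
            elif m["setting"] == "ProxyServer":
                proxy_server[m["key"]] = m["value"].strip()
        elif m := HOSTS_RE.match(line):  # hosts file no longer the stock size
            size = int(m["size"].replace(",", ""))
            if size != DEFAULT_HOSTS_BYTES:
                findings.append(("hosts-file-modified", f"{size} bytes, default is {DEFAULT_HOSTS_BYTES}"))
        elif m := DNS_RE.match(line):  # DHCP-assigned vs statically configured resolvers
            servers = [s for s in re.split(r"[ ,]+", m["servers"]) if s]
            if m["kind"]:
                dhcp_dns.update(servers)
            else:
                static_dns.append((m["key"], servers))
    for key in sorted(proxy_on):
        findings.append(("proxy-enabled", f"{key}: {proxy_server.get(key, '<no ProxyServer value>')}"))
    for key, servers in static_dns:
        foreign = [s for s in servers if s not in dhcp_dns]  # static resolvers DHCP did not hand out
        if foreign:
            findings.append(("static-dns-override", f"{key}: {' '.join(foreign)}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```

A hit is a review item, not a verdict: a scanner's own driver can legitimately carry no company name, and a static DNS server may be one the owner set on purpose. The point is to lift the handful of lines that are able to produce redirects out of a several-hundred-line log so they can be checked against what the user reports.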


#3 linknc

linknc
  • Topic Starter

  • Members
  • 9 posts

Posted 14 November 2010 - 02:09 PM

Elise, thank you so much for your help!

Below are the logs...

Results from OTL.txt

OTL logfile created on: 11/14/2010 1:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Charis\Documents\Downloads
64bit-Windows XP Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.61 Gb Total Space | 394.74 Gb Free Space | 87.02% Space Free | Partition Type: NTFS
Drive E: | 975.63 Mb Total Space | 5.61 Mb Free Space | 0.57% Space Free | Partition Type: FAT

Computer Name: COOLTOSH | User Name: Charis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 13:04:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Charis\My Documents\Downloads\OTL.exe
PRC - [2010/10/27 01:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 01:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/21 10:33:36 | 000,083,440 | ---- | M] (Google) -- C:\Users\Charis\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/08/12 13:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/26 10:06:44 | 000,096,112 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2009/12/08 13:23:18 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
PRC - [2009/12/08 13:22:30 | 000,042,496 | ---- | M] (Pharos Systems International) -- C:\Program Files (x86)\Pharos\bin\popnet.exe
PRC - [2009/08/24 22:02:18 | 002,684,256 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/06/08 17:34:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009/06/03 18:33:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/02/20 12:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/07/24 14:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/10/10 03:33:54 | 000,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 13:04:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Charis\My Documents\Downloads\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 20:16:14 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SortServer2003Compat.dll
MOD - [2009/07/13 20:16:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shunimpl.dll
MOD - [2009/07/13 20:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
MOD - [2009/07/13 20:14:52 | 000,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcXtrnal.dll
MOD - [2009/07/13 20:14:51 | 002,175,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcGenral.dll
MOD - [2009/07/13 20:14:51 | 000,559,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll
MOD - [2009/07/13 20:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2009/07/13 20:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/12 13:18:40 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/08/12 13:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/09/17 15:41:36 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/08/27 16:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/21 12:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 17:50:56 | 002,688,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV:64bit: - [2009/08/04 14:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/08 12:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/08 15:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/08 13:23:18 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2009/08/17 13:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 22:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/31 00:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/02/20 12:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/10 03:33:54 | 000,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/10 00:06:57 | 000,019,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2010/07/29 12:31:26 | 000,168,544 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 12:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 12:31:26 | 000,126,320 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/10/09 21:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/08/27 11:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/05 17:45:28 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/08/05 15:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/08/04 18:33:54 | 000,734,720 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/28 23:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/28 21:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/28 13:10:44 | 000,016,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PMCF.sys -- (PMCF)
DRV:64bit: - [2009/07/24 18:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/24 14:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 01:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:36:22 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/10 09:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/07/08 00:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/07/04 22:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 11:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 13:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 13:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 12:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 15:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2169320968-599245421-172382840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-2169320968-599245421-172382840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-2169320968-599245421-172382840-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {7613BE21-7BFF-42D7-B5A0-40C656C797E4}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2009/11/05 14:00:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/07 00:33:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/07 00:40:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/09/25 22:27:32 | 000,000,000 | ---D | M]

[2010/11/07 00:33:07 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\Mozilla\Extensions
[2010/11/07 00:33:07 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\Mozilla\Firefox\Profiles\4f3xs95m.default\extensions
[2010/11/14 10:11:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/07 00:40:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll (TODO: <Company name>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2169320968-599245421-172382840-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2169320968-599245421-172382840-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2169320968-599245421-172382840-1003..\Run: [MyTOSHIBA] C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2169320968-599245421-172382840-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/66.12/uploader2.cab (UploadListView Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/12 15:57:49 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/11/10 05:48:20 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Local\Adobe
[2010/11/10 01:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/11/10 01:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/10 01:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2010/11/10 00:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/11/08 10:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2010/11/08 10:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2010/11/07 01:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010/11/07 00:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/07 00:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/11/07 00:37:47 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Roaming\Sun
[2010/11/07 00:34:53 | 000,000,000 | ---D | C] -- C:\Users\Charis\Documents\Downloads
[2010/11/07 00:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/11/06 23:43:48 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appmgmt
[2010/11/04 09:30:02 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Roaming\WinRAR
[2010/11/03 12:40:48 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Roaming\QuickScan
[2010/11/03 08:54:00 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/03 08:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/11/03 08:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/11/03 08:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/02 23:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/02 23:27:56 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2010/11/02 23:02:48 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/02 22:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/11/02 22:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/11/02 22:39:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/31 07:51:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/10/28 15:41:37 | 000,716,800 | ---- | C] (Pharos Systems International) -- C:\windows\SysNative\PSRF0CA8.DLL
[2010/10/28 15:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PharosSystems
[2010/10/28 15:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pharos
[2010/10/26 21:17:12 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Roaming\Malwarebytes
[2010/10/26 21:17:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/26 21:17:00 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2010/10/25 20:52:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LexisNexis
[2010/10/25 20:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexis for Microsoft Office
[2010/10/25 20:49:41 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Local\Downloaded Installations
[2010/10/24 12:14:46 | 000,000,000 | ---D | C] -- C:\windows\en
[2010/10/24 12:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/24 11:45:12 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Local\Windows Live
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Charis\Documents\*.tmp files -> C:\Users\Charis\Documents\*.tmp -> ]
[1 C:\Users\Charis\Desktop\*.tmp files -> C:\Users\Charis\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 13:00:59 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2169320968-599245421-172382840-1003UA.job
[2010/11/14 13:00:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/11/14 12:28:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2169320968-599245421-172382840-1004UA.job
[2010/11/14 12:27:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/14 09:27:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/14 06:45:27 | 000,199,958 | ---- | M] () -- C:\Users\Charis\Desktop\13_Cal_3d_162.rtf
[2010/11/14 06:41:57 | 000,196,465 | ---- | M] () -- C:\Users\Charis\Desktop\3_N_Y_2d_224.rtf
[2010/11/14 06:39:03 | 000,014,397 | ---- | M] () -- C:\Users\Charis\Desktop\Basics of FLC.docx
[2010/11/14 06:36:21 | 000,529,536 | ---- | M] () -- C:\Users\Charis\Desktop\514_us_549.rtf
[2010/11/14 06:36:21 | 000,000,162 | -H-- | M] () -- C:\Users\Charis\Desktop\~$4_us_549.rtf
[2010/11/14 06:35:04 | 000,000,162 | -H-- | M] () -- C:\Users\Charis\Desktop\~$5_us_144.rtf
[2010/11/14 06:35:03 | 000,503,862 | ---- | M] () -- C:\Users\Charis\Desktop\505_us_144.rtf
[2010/11/14 06:31:43 | 000,522,168 | ---- | M] () -- C:\Users\Charis\Desktop\name_printz_and_united_state.rtf
[2010/11/14 06:31:43 | 000,000,162 | -H-- | M] () -- C:\Users\Charis\Desktop\~$me_printz_and_united_state.rtf
[2010/11/14 05:56:01 | 000,000,162 | -H-- | M] () -- C:\Users\Charis\Desktop\~$sics of FLC.docx
[2010/11/14 02:23:31 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2169320968-599245421-172382840-1003Core.job
[2010/11/14 02:20:39 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2169320968-599245421-172382840-1004Core.job
[2010/11/13 21:11:38 | 000,008,608 | ---- | M] () -- C:\Users\Charis\Desktop\Timeline for Sunday.xlsx
[2010/11/13 08:58:02 | 000,054,323 | ---- | M] () -- C:\Users\Charis\Desktop\101113_aungsansuukyufree.grid-8x2.jpg
[2010/11/12 13:35:36 | 000,259,916 | ---- | M] () -- C:\Users\Charis\Desktop\Best Buy Consumer - Importa..pdf
[2010/11/12 13:34:32 | 000,079,275 | ---- | M] () -- C:\Users\Charis\Desktop\Best Buy Consumer - eSignature.pdf
[2010/11/12 09:54:07 | 000,012,081 | ---- | M] () -- C:\Users\Charis\Desktop\DQ 1.docx
[2010/11/12 09:26:31 | 000,019,776 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/12 09:26:31 | 000,019,776 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/11 11:58:16 | 000,003,297 | ---- | M] () -- C:\Users\Charis\Desktop\013 - Shortcut.lnk
[2010/11/11 11:57:54 | 000,003,492 | ---- | M] () -- C:\Users\Charis\Desktop\1145 - Shortcut.lnk
[2010/11/10 15:08:37 | 000,375,808 | ---- | M] () -- C:\Users\Charis\Desktop\International Issues Report (final).doc
[2010/11/10 08:21:09 | 000,301,135 | ---- | M] () -- C:\Users\Charis\Desktop\flc.pdf
[2010/11/10 06:04:58 | 000,306,709 | ---- | M] () -- C:\Users\Charis\Desktop\21_Fordham_Int_l_L_J__1126.rtf
[2010/11/10 06:04:12 | 000,096,203 | ---- | M] () -- C:\Users\Charis\Desktop\flc_dc.pdf
[2010/11/10 01:53:31 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/10 01:36:22 | 3192,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 00:06:57 | 000,019,528 | ---- | M] () -- C:\windows\SysNative\drivers\hitmanpro35.sys
[2010/11/09 23:22:42 | 000,893,034 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2010/11/09 23:22:42 | 000,743,140 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2010/11/09 23:22:42 | 000,150,254 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2010/11/09 22:39:11 | 002,118,922 | ---- | M] () -- C:\Users\Charis\Desktop\BFAds-Macys-2010.pdf
[2010/11/09 22:38:44 | 010,274,508 | ---- | M] () -- C:\Users\Charis\Desktop\BFAds-Walgreens-2010.pdf
[2010/11/09 22:37:51 | 011,521,809 | ---- | M] () -- C:\Users\Charis\Desktop\BFAds-Target-2010.pdf
[2010/11/08 10:34:11 | 000,001,950 | ---- | M] () -- C:\Users\Charis\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/11/07 14:52:08 | 000,026,073 | ---- | M] () -- C:\Users\Charis\Desktop\FLC - ABA Rule.pdf
[2010/11/07 06:44:50 | 000,001,448 | ---- | M] () -- C:\Users\Charis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/07 00:33:02 | 000,000,000 | ---- | M] () -- C:\windows\nsreg.dat
[2010/11/07 00:32:07 | 000,001,974 | ---- | M] () -- C:\Users\Charis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/07 00:32:07 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/06 21:17:05 | 000,000,000 | ---- | M] () -- C:\Users\Charis\defogger_reenable
[2010/11/04 19:20:51 | 001,527,936 | ---- | M] () -- C:\Users\Charis\Desktop\HOLSearchablePDF.pdf
[2010/11/04 06:20:47 | 000,016,231 | ---- | M] () -- C:\Users\Charis\Documents\Budget for 2010-11.xlsx
[2010/11/03 08:53:55 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/02 23:45:28 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/02 23:27:56 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2010/11/02 22:48:17 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/11/02 11:36:01 | 000,012,266 | ---- | M] () -- C:\Users\Charis\Desktop\Bar Exam Application Questions.docx
[2010/11/02 08:48:47 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/31 07:49:25 | 000,887,250 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/10/28 15:42:04 | 000,000,158 | ---- | M] () -- C:\windows\SysNative\ricdb.ini
[2010/10/27 04:50:51 | 000,011,874 | ---- | M] () -- C:\Users\Charis\Documents\Transcript 10-10b.docx
[2010/10/27 04:32:50 | 000,266,187 | ---- | M] () -- C:\Users\Charis\Documents\Transcript 10-10.docx
[2010/10/27 04:27:42 | 000,270,190 | ---- | M] () -- C:\Users\Charis\Documents\Transcript 9-10.docx
[2010/10/27 04:06:20 | 000,016,805 | ---- | M] () -- C:\Users\Charis\Documents\Charis Chit Khin Link Reference List.docx
[2010/10/27 04:00:02 | 000,060,928 | ---- | M] () -- C:\Users\Charis\Documents\Charis_Link_Resume_October_2010.doc
[2010/10/27 03:48:18 | 000,357,815 | ---- | M] () -- C:\Users\Charis\Documents\lawfellowapplication2011.pdf
[2010/10/27 03:46:04 | 000,030,720 | ---- | M] () -- C:\Users\Charis\Documents\FTI Cover Letter.doc
[2010/10/25 23:27:01 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/24 18:20:21 | 019,918,052 | ---- | M] () -- C:\Users\Charis\Documents\Backup-(2010-10-24).ipd
[2010/10/19 10:27:59 | 000,002,114 | -H-- | M] () -- C:\Users\Charis\Documents\Default.rdp
[2010/10/18 05:41:23 | 000,030,720 | ---- | M] () -- C:\Users\Charis\Documents\e99437763e40b51911a6adb37589271d.doc
[2010/10/18 05:39:10 | 000,060,928 | ---- | M] () -- C:\Users\Charis\Documents\Writing Sample.doc
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Charis\Documents\*.tmp files -> C:\Users\Charis\Documents\*.tmp -> ]
[1 C:\Users\Charis\Desktop\*.tmp files -> C:\Users\Charis\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/14 06:45:26 | 000,199,958 | ---- | C] () -- C:\Users\Charis\Desktop\13_Cal_3d_162.rtf
[2010/11/14 06:36:21 | 000,000,162 | -H-- | C] () -- C:\Users\Charis\Desktop\~$4_us_549.rtf
[2010/11/14 06:36:20 | 000,529,536 | ---- | C] () -- C:\Users\Charis\Desktop\514_us_549.rtf
[2010/11/14 06:35:04 | 000,000,162 | -H-- | C] () -- C:\Users\Charis\Desktop\~$5_us_144.rtf
[2010/11/14 06:35:03 | 000,503,862 | ---- | C] () -- C:\Users\Charis\Desktop\505_us_144.rtf
[2010/11/14 06:31:43 | 000,000,162 | -H-- | C] () -- C:\Users\Charis\Desktop\~$me_printz_and_united_state.rtf
[2010/11/14 06:31:42 | 000,522,168 | ---- | C] () -- C:\Users\Charis\Desktop\name_printz_and_united_state.rtf
[2010/11/14 05:56:01 | 000,000,162 | -H-- | C] () -- C:\Users\Charis\Desktop\~$sics of FLC.docx
[2010/11/13 23:07:50 | 000,196,465 | ---- | C] () -- C:\Users\Charis\Desktop\3_N_Y_2d_224.rtf
[2010/11/13 21:10:20 | 000,008,608 | ---- | C] () -- C:\Users\Charis\Desktop\Timeline for Sunday.xlsx
[2010/11/13 08:58:01 | 000,054,323 | ---- | C] () -- C:\Users\Charis\Desktop\101113_aungsansuukyufree.grid-8x2.jpg
[2010/11/12 13:35:44 | 000,259,916 | ---- | C] () -- C:\Users\Charis\Desktop\Best Buy Consumer - Importa..pdf
[2010/11/12 13:34:54 | 000,079,275 | ---- | C] () -- C:\Users\Charis\Desktop\Best Buy Consumer - eSignature.pdf
[2010/11/12 09:54:07 | 000,012,081 | ---- | C] () -- C:\Users\Charis\Desktop\DQ 1.docx
[2010/11/12 09:09:21 | 000,014,397 | ---- | C] () -- C:\Users\Charis\Desktop\Basics of FLC.docx
[2010/11/11 11:58:16 | 000,003,297 | ---- | C] () -- C:\Users\Charis\Desktop\013 - Shortcut.lnk
[2010/11/11 11:57:54 | 000,003,492 | ---- | C] () -- C:\Users\Charis\Desktop\1145 - Shortcut.lnk
[2010/11/10 08:21:09 | 000,301,135 | ---- | C] () -- C:\Users\Charis\Desktop\flc.pdf
[2010/11/10 06:23:05 | 000,375,808 | ---- | C] () -- C:\Users\Charis\Desktop\International Issues Report (final).doc
[2010/11/10 06:04:57 | 000,306,709 | ---- | C] () -- C:\Users\Charis\Desktop\21_Fordham_Int_l_L_J__1126.rtf
[2010/11/10 06:04:12 | 000,096,203 | ---- | C] () -- C:\Users\Charis\Desktop\flc_dc.pdf
[2010/11/10 01:53:31 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/09 22:39:11 | 002,118,922 | ---- | C] () -- C:\Users\Charis\Desktop\BFAds-Macys-2010.pdf
[2010/11/09 22:38:21 | 010,274,508 | ---- | C] () -- C:\Users\Charis\Desktop\BFAds-Walgreens-2010.pdf
[2010/11/09 22:37:19 | 011,521,809 | ---- | C] () -- C:\Users\Charis\Desktop\BFAds-Target-2010.pdf
[2010/11/08 10:34:11 | 000,001,950 | ---- | C] () -- C:\Users\Charis\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/11/07 14:52:07 | 000,026,073 | ---- | C] () -- C:\Users\Charis\Desktop\FLC - ABA Rule.pdf
[2010/11/07 01:08:53 | 000,072,533 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2010/11/07 01:08:53 | 000,072,533 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2010/11/07 00:33:02 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/11/07 00:32:07 | 000,001,974 | ---- | C] () -- C:\Users\Charis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/07 00:32:07 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/06 21:17:05 | 000,000,000 | ---- | C] () -- C:\Users\Charis\defogger_reenable
[2010/11/04 19:20:51 | 001,527,936 | ---- | C] () -- C:\Users\Charis\Desktop\HOLSearchablePDF.pdf
[2010/11/03 08:53:55 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/02 23:45:28 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/02 22:48:18 | 000,019,528 | ---- | C] () -- C:\windows\SysNative\drivers\hitmanpro35.sys
[2010/11/02 22:48:17 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/11/02 10:56:52 | 000,012,266 | ---- | C] () -- C:\Users\Charis\Desktop\Bar Exam Application Questions.docx
[2010/10/28 15:42:04 | 000,000,158 | ---- | C] () -- C:\windows\SysNative\ricdb.ini
[2010/10/27 04:40:32 | 000,011,874 | ---- | C] () -- C:\Users\Charis\Documents\Transcript 10-10b.docx
[2010/10/27 04:32:48 | 000,266,187 | ---- | C] () -- C:\Users\Charis\Documents\Transcript 10-10.docx
[2010/10/27 04:00:00 | 000,060,928 | ---- | C] () -- C:\Users\Charis\Documents\Charis_Link_Resume_October_2010.doc
[2010/10/27 03:48:18 | 000,357,815 | ---- | C] () -- C:\Users\Charis\Documents\lawfellowapplication2011.pdf
[2010/10/27 03:46:02 | 000,030,720 | ---- | C] () -- C:\Users\Charis\Documents\FTI Cover Letter.doc
[2010/10/26 21:17:06 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/25 23:27:01 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/24 18:20:20 | 019,918,052 | ---- | C] () -- C:\Users\Charis\Documents\Backup-(2010-10-24).ipd
[2010/10/18 05:41:22 | 000,030,720 | ---- | C] () -- C:\Users\Charis\Documents\e99437763e40b51911a6adb37589271d.doc
[2010/10/18 05:29:58 | 000,270,190 | ---- | C] () -- C:\Users\Charis\Documents\Transcript 9-10.docx
[2010/09/19 07:31:54 | 000,000,000 | ---- | C] () -- C:\Users\Charis\AppData\Local\Wyuyapevafiy.bin
[2010/09/19 07:31:53 | 000,000,120 | ---- | C] () -- C:\Users\Charis\AppData\Local\Fyezamecusur.dat
[2010/05/02 11:36:42 | 000,000,221 | ---- | C] () -- C:\windows\{42175DF7-9726-4C71-9FA6-3E9CEA482D12}_WiseFW.ini
[2010/01/24 16:15:50 | 000,030,752 | ---- | C] () -- C:\windows\cfgall.ini
[2010/01/23 22:39:23 | 000,000,442 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/12 22:02:14 | 000,000,014 | RHS- | C] () -- C:\windows\SysWow64\drivers\fbd.sys
[2009/11/05 15:00:27 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/11/05 13:39:50 | 000,887,250 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/01/04 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\Amazon
[2009/11/18 06:50:36 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\Blackberry Desktop
[2009/11/14 09:12:19 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\ESET
[2010/05/24 20:45:48 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\Fingerfox (SE)
[2010/03/15 18:08:23 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\MysteryStudio
[2009/11/12 22:55:23 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\OPHA
[2009/12/20 20:47:21 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\PlayFirst
[2010/11/06 23:38:41 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\QuickScan
[2009/11/18 06:00:28 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\Research In Motion
[2009/11/12 22:26:01 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\TFPU
[2010/08/12 11:10:23 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\toshiba
[2009/12/22 08:19:41 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\TuneUp Software
[2009/11/18 23:13:59 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\WildTangent
[2009/11/12 22:01:50 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\WinBatch
[2009/11/14 09:12:19 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\ESET
[2010/10/25 23:20:52 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Eye-Fi
[2010/09/04 14:35:48 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\GlarySoft
[2009/11/14 20:36:11 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\OPHA
[2009/11/26 11:01:05 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Research In Motion
[2009/11/12 23:04:07 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\TFPU
[2010/07/17 13:50:27 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\TightVNC
[2009/12/02 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Toshiba
[2009/12/22 00:25:39 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\TuneUp Software
[2009/12/02 20:56:24 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Ulead Systems
[2009/11/26 13:55:28 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\WildTangent
[2010/01/31 01:18:58 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\WinBatch
[2010/10/13 11:09:11 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:887EAE14
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:9A647C37
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DA23AD9A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:3B4DA230
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DB258930
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:891DBAFE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:32A82570
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:40464012

< End of report >



--------------------------------------------Extra.txt Report-----------------------------------------------------

OTL Extras logfile created on: 11/14/2010 1:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Charis\Documents\Downloads
64bit-Windows XP Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.61 Gb Total Space | 394.74 Gb Free Space | 87.02% Space Free | Partition Type: NTFS
Drive E: | 975.63 Mb Total Space | 5.61 Mb Free Space | 0.57% Space Free | Partition Type: FAT

Computer Name: COOLTOSH | User Name: Charis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2169320968-599245421-172382840-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6B99AF03-2668-4572-BD3D-8C7A5D103065}" = AuthenTec Fingerprint Software
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C5F268F1-0856-43E2-B6F1-2470EEE48D2A}" = ESET NOD32 Antivirus
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Essentials" = Microsoft Security Essentials
"TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{23C12370-3A82-4558-B727-F345B473AD87}" = BlackBerry Device Software Updater
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 22
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}" = C5150n - C5200n Series GDI Driver from OKI® Printing Solutions for Windows
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{42175DF7-9726-4C71-9FA6-3E9CEA482D12}" = Electronic Bluebook
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer
"{9B176338-9060-441E-8EDB-A4D73D19F7C7}_is1" = Eye-Fi Manager 2.5
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE10246-A876-4979-B345-CADE6863BD8E}" = TOSHIBA Supervisor Password
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5D8637D-FA1C-4CAD-91FC-4ADB1C284A21}" = TOSHIBA Hardware Setup
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"BFGC" = Big Fish Games: Game Manager
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Pharos" = Pharos
"PROHYBRIDR" = 2007 Microsoft Office system
"TightVNC" = TightVNC 2.0.2
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.0.1
"Web Update Wizard (Redistributable)" = Web Update Wizard (Redistributable) 4.0
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/28/2010 10:02:41 AM | Computer Name = CoolTosh | Source = Bonjour Service | ID = 100
Description =

Error - 7/28/2010 10:02:41 AM | Computer Name = CoolTosh | Source = Bonjour Service | ID = 100
Description =

Error - 7/28/2010 10:40:59 AM | Computer Name = CoolTosh | Source = Google Update | ID = 20
Description =

Error - 7/28/2010 10:41:01 AM | Computer Name = CoolTosh | Source = Google Update | ID = 20
Description =

Error - 7/28/2010 10:47:08 AM | Computer Name = CoolTosh | Source = Bonjour Service | ID = 100
Description =

Error - 7/28/2010 10:47:08 AM | Computer Name = CoolTosh | Source = Bonjour Service | ID = 100
Description =

Error - 7/28/2010 10:47:08 AM | Computer Name = CoolTosh | Source = Bonjour Service | ID = 100
Description =

Error - 7/28/2010 10:55:04 AM | Computer Name = CoolTosh | Source = Bonjour Service | ID = 100
Description =

Error - 7/28/2010 10:55:04 AM | Computer Name = CoolTosh | Source = Bonjour Service | ID = 100
Description =

Error - 7/28/2010 10:55:04 AM | Computer Name = CoolTosh | Source = Bonjour Service | ID = 100
Description =

[ OSession Events ]
Error - 1/27/2010 1:15:24 PM | Computer Name = CoolTosh | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1680
seconds with 600 seconds of active time. This session ended with a crash.

Error - 1/27/2010 1:20:58 PM | Computer Name = CoolTosh | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 204
seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/15/2010 4:48:25 AM | Computer Name = CoolTosh | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 697
seconds with 300 seconds of active time. This session ended with a crash.

Error - 4/2/2010 5:14:55 PM | Computer Name = CoolTosh | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 20006
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 7/15/2010 1:20:08 AM | Computer Name = CoolTosh | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/27/2010 7:05:41 AM | Computer Name = CoolTosh | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 608
seconds with 600 seconds of active time. This session ended with a crash.

Error - 8/12/2010 8:47:23 AM | Computer Name = CoolTosh | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/11/2010 9:20:26 PM | Computer Name = CoolTosh | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/11/2010 10:36:06 PM | Computer Name = CoolTosh | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 7/12/2010 12:13:32 AM | Computer Name = CoolTosh | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SysMain service.

Error - 7/13/2010 2:55:25 AM | Computer Name = CoolTosh | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Schedule service.

Error - 7/13/2010 7:04:24 AM | Computer Name = CoolTosh | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/13/2010 2:33:20 PM | Computer Name = CoolTosh | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/13/2010 2:33:28 PM | Computer Name = CoolTosh | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{E355C2FC-7EB5-4BBB-B6D3-EAFC6B2ED579}
because another computer on the network has the same name. The server could not
start.

Error - 7/13/2010 4:34:08 PM | Computer Name = CoolTosh | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/13/2010 5:53:29 PM | Computer Name = CoolTosh | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 7/13/2010 10:05:39 PM | Computer Name = CoolTosh | Source = Service Control Manager | ID = 7034
Description = The AuthenTec Fingerprint Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >


---------------------

Unfortunately, Root Kit Unhooker installed, but when I try to run it, it gives an error. I tried to run it in Safe Mode as well and it gives the same error: "Error loading driver, NTSTATUS code: 0xc000036B"

Thank you!

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:34 AM

Posted 14 November 2010 - 02:53 PM

Hi there, I think we are facing an infected router.

Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out the default username and password of your router and note them down: Router Passwords

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that, type http://192.168.1.1 in the address bar and press Enter. You get the login window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the login password your ISP initially gave you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to Start => Control Panel => Double-click Network and Sharing Center.
    • In the left window select Manage network connections.
    • In the right window right-click Local Area Connection and select Properties.
    • Internet Protocol Version 6 (IPv6) should be checked. Double-click on it and make sure of the following settings:
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
    • Click OK.
    • Internet Protocol Version 4 (IPv4) should be checked. Double-click on it and make sure of the following settings:
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
    • Click OK twice.
    • If you changed any setting, reboot the computer.

==========

Please run the following command on both the computers and post the logs.

Go to start > Run copy/paste the following line in the run box and click OK.

cmd /c (ipconfig /all&nslookup mbam-cdn.malwarebytes.org&ping -n 2 mbam-cdn.malwarebytes.org&route print) >log.txt&start log.txt

A command window opens. Wait until a log.txt file opens. Please post the content to your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
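
Added example, not part of this thread or of any tool mentioned in it: a Python checker that parses the `ipconfig /all` portion of the diagnostic log in the layout shown here and flags adapters whose DNS servers point away from the router/DHCP server and outside the LAN, which is how a DNSChanger-style router compromise shows up on the client. The sample output and the 203.0.113.x addresses are constructed placeholders; pass your ISP's legitimate resolvers as `trusted` so they are not reported.

```python
"""Flag DNS-hijack indicators in `ipconfig /all` output (added example)."""
import ipaddress
import re
from typing import Dict, Iterable, List, Optional

# A field line looks like "   DNS Servers . . . . . . . . . . . : 192.168.1.1".
FIELD_RE = re.compile(r"^\s*(?P<key>[^:]+?)[ .]*:\s*(?P<val>.*)$")

# Constructed sample of a clean adapter (values mirror the thread's log).
SAMPLE_CLEAN = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : CoolTosh

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : nc.rr.com
   IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# Constructed sample of the same adapter with DNS pushed to outside hosts.
# 203.0.113.0/24 is a documentation range: placeholder, not a real resolver.
SAMPLE_HIJACKED = """\
Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       203.0.113.8
"""


def _clean(value: str) -> str:
    """Drop annotations such as "(Preferred)" that ipconfig appends."""
    return re.sub(r"\(.*?\)", "", value).strip()


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {adapter: {field: [values]}} from `ipconfig /all` output.

    Assumes the console layout: adapter headers are unindented and end with
    ':', fields are indented a few spaces, and extra values (a second DNS
    server, more IPv6 addresses) sit on deeply indented continuation lines.
    The "Windows IP Configuration" banner block is skipped.
    """
    adapters: Dict[str, Dict[str, List[str]]] = {}
    current: Optional[Dict[str, List[str]]] = None
    last_key: Optional[str] = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:
            header = raw.rstrip()
            current = adapters.setdefault(header[:-1], {}) if header.endswith(":") else None
            last_key = None
            continue
        if current is None:
            continue
        if indent <= 4:
            m = FIELD_RE.match(raw)
            if not m:
                continue
            last_key = m.group("key").strip()
            values = current.setdefault(last_key, [])
            if m.group("val").strip():
                values.append(_clean(m.group("val")))
        elif last_key is not None:
            current[last_key].append(_clean(raw))
    return adapters


def _as_ip(value: str):
    """Parse an address or return None for blanks/non-address text."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def dns_findings(adapters: Dict[str, Dict[str, List[str]]],
                 trusted: Iterable[str] = ()) -> List[str]:
    """List adapters whose DNS servers are off-LAN, not the gateway/DHCP
    server, and not in `trusted` (put your ISP's real resolvers there)."""
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    findings: List[str] = []
    for name, fields in adapters.items():
        servers = fields.get("DNS Servers", [])
        ip4 = fields.get("IPv4 Address", [])
        mask = fields.get("Subnet Mask", [])
        if not (servers and ip4 and mask):
            continue  # disconnected, tunnel or IPv6-only adapter
        lan = ipaddress.ip_network(f"{ip4[0]}/{mask[0]}", strict=False)
        candidates = fields.get("Default Gateway", []) + fields.get("DHCP Server", [])
        expected = {ip for ip in map(_as_ip, candidates) if ip is not None}
        for server in servers:
            addr = _as_ip(server)
            if addr is None or addr in expected or addr in trusted_ips:
                continue
            if addr.version == 4 and addr in lan:
                continue
            findings.append(f"{name}: DNS server {addr} is outside {lan} and not a trusted resolver")
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        print(label, dns_findings(parse_ipconfig(sample)) or ["no DNS anomalies"])
```

Save the real `ipconfig /all` output to a file and feed its text to `parse_ipconfig`; any finding for an adapter that should be getting DNS from the router is a reason to re-check the router's DNS settings after the reset.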


#5 linknc

linknc
  • Topic Starter


Posted 21 November 2010 - 09:57 PM

Hello Elise, sorry for the long wait... finally was able to reset my router. Below is the log... and as I use the computer the next couple of days, I'll be able to see if any changes occur.


Windows IP Configuration

Host Name . . . . . . . . . . . . : CoolTosh
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nc.rr.com

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-26-B6-66-2B-EC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : nc.rr.com
Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 00-26-B6-66-2B-EC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8579:7c9e:85e3:3f2a%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, November 21, 2010 9:49:41 PM
Lease Expires . . . . . . . . . . : Monday, November 22, 2010 9:49:41 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 301999798
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-84-CF-21-90-E6-BA-7E-C7-BF
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 90-E6-BA-7E-C7-BF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:387a:8e:b449:88ad(Preferred)
Link-local IPv6 Address . . . . . : fe80::387a:8e:b449:88ad%1042(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.nc.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : nc.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F635E2E1-BC1E-40B9-8774-0DAC4C7C8E62}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{76CBB8C7-EBD4-4045-AF5F-A2434494409B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Server: DD-WRT
Address: 192.168.1.1

Name: mwbyte.vo.llnwd.net
Addresses: 68.142.118.254
68.142.118.4
Aliases: mbam-cdn.malwarebytes.org


Pinging mwbyte.vo.llnwd.net [68.142.118.4] with 32 bytes of data:
Reply from 68.142.118.4: bytes=32 time=20ms TTL=56
Reply from 68.142.118.4: bytes=32 time=25ms TTL=56

Ping statistics for 68.142.118.4:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 25ms, Average = 22ms
===========================================================================
Interface List
1040...00 26 b6 66 2b ec ......Microsoft Virtual WiFi Miniport Adapter
12...00 26 b6 66 2b ec ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
11...90 e6 ba 7e c7 bf ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
1042...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
1043...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
1044...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
1045...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.105 281
192.168.1.105 255.255.255.255 On-link 192.168.1.105 281
192.168.1.255 255.255.255.255 On-link 192.168.1.105 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.105 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.105 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1042 58 ::/0 On-link
1 306 ::1/128 On-link
1042 58 2001::/32 On-link
1042 306 2001:0:4137:9e76:387a:8e:b449:88ad/128
On-link
12 281 fe80::/64 On-link
1042 306 fe80::/64 On-link
1042 306 fe80::387a:8e:b449:88ad/128
On-link
12 281 fe80::8579:7c9e:85e3:3f2a/128
On-link
1 306 ff00::/8 On-link
1042 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#6 Elise

Elise


Posted 22 November 2010 - 05:05 AM

Okay, please keep me posted.

regards, Elise




#7 Elise

Elise


Posted 25 November 2010 - 06:42 AM

Hi, are you still there?

regards, Elise




#8 Elise

Elise


Posted 02 December 2010 - 07:03 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise




#9 Elise

Elise


Posted 02 December 2010 - 09:04 AM

Topic reopened as requested.

Can you please post me a new OTL log?

regards, Elise




#10 linknc

linknc
  • Topic Starter


Posted 03 December 2010 - 09:18 PM

OTL logfile created on: 12/3/2010 9:11:56 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Charis\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 38.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.61 Gb Total Space | 392.38 Gb Free Space | 86.50% Space Free | Partition Type: NTFS
Drive E: | 975.63 Mb Total Space | 5.61 Mb Free Space | 0.57% Space Free | Partition Type: FAT

Computer Name: COOLTOSH | User Name: Charis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/03 21:11:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Charis\Desktop\OTL.exe
PRC - [2010/10/27 01:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/26 17:13:16 | 003,760,320 | ---- | M] (Eye-Fi, Inc.) -- C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/12 13:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/12/08 14:23:18 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
PRC - [2009/09/03 18:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/08/24 22:02:18 | 002,684,256 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/06/20 19:33:26 | 000,116,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng_D.exe
PRC - [2009/06/08 17:34:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009/06/03 18:33:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/02/20 12:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/07/24 14:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/10/10 03:33:54 | 000,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe


========== Modules (SafeList) ==========

MOD - [2010/12/03 21:11:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Charis\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/12 13:18:40 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/08/12 13:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/09/17 15:41:36 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/08/27 16:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/21 12:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 17:50:56 | 002,688,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV:64bit: - [2009/08/04 14:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/08 12:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/08 15:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/08 14:23:18 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2009/08/17 13:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 22:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/31 00:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/02/20 12:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/10 03:33:54 | 000,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/10 00:06:57 | 000,019,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2010/07/29 12:31:26 | 000,168,544 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 12:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 12:31:26 | 000,126,320 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/10/09 21:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/08/27 11:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/05 17:45:28 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/08/05 15:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/08/04 18:33:54 | 000,734,720 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/28 23:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/28 21:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/28 13:10:44 | 000,016,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PMCF.sys -- (PMCF)
DRV:64bit: - [2009/07/24 18:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/24 14:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 01:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:36:22 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/10 09:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/07/08 00:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/07/04 22:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 11:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 13:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 13:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 12:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 15:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/11/14 14:05:57 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysWow64\drivers\Normandy.sys -- (Normandy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2169320968-599245421-172382840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-2169320968-599245421-172382840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-2169320968-599245421-172382840-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2169320968-599245421-172382840-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2169320968-599245421-172382840-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-2169320968-599245421-172382840-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-2169320968-599245421-172382840-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {7613BE21-7BFF-42D7-B5A0-40C656C797E4}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2009/11/05 14:00:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/30 09:34:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/30 09:34:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/09/25 22:27:32 | 000,000,000 | ---D | M]

[2010/11/07 00:33:07 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\Mozilla\Extensions
[2010/11/24 05:33:52 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\Mozilla\Firefox\Profiles\4f3xs95m.default\extensions
[2010/12/03 04:27:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/07 00:40:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll (TODO: <Company name>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2169320968-599245421-172382840-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2169320968-599245421-172382840-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-2169320968-599245421-172382840-1004\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2169320968-599245421-172382840-1003..\Run: [MyTOSHIBA] C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2169320968-599245421-172382840-1003..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKU\S-1-5-21-2169320968-599245421-172382840-1004..\Run: [Eye-Fi] C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe (Eye-Fi, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/66.12/uploader2.cab (UploadListView Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/03 21:11:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Charis\Desktop\OTL.exe
[2010/12/03 05:46:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/30 09:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/30 09:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/30 09:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/30 09:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/30 09:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/11/30 09:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/11/19 00:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/11/18 23:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eye-Fi
[2010/11/18 20:39:56 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Roaming\Playrix Entertainment
[2010/11/18 20:37:40 | 000,000,000 | ---D | C] -- C:\GameHouse Games
[2010/11/18 13:36:04 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Local\Apple Computer
[2010/11/16 09:26:01 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Local\Apple
[2010/11/14 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/11/12 15:57:49 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/11/10 05:48:20 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Local\Adobe
[2010/11/10 01:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/11/10 01:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/10 01:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2010/11/10 00:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/11/08 10:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2010/11/07 01:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010/11/07 00:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/07 00:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/11/07 00:37:47 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Roaming\Sun
[2010/11/07 00:34:53 | 000,000,000 | ---D | C] -- C:\Users\Charis\Documents\Downloads
[2010/11/07 00:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/11/06 23:43:48 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appmgmt
[2010/11/04 09:30:02 | 000,000,000 | ---D | C] -- C:\Users\Charis\AppData\Roaming\WinRAR
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Charis\Documents\*.tmp files -> C:\Users\Charis\Documents\*.tmp -> ]
[1 C:\Users\Charis\Desktop\*.tmp files -> C:\Users\Charis\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/03 21:11:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Charis\Desktop\OTL.exe
[2010/12/03 21:04:22 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/03 21:04:20 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2169320968-599245421-172382840-1003UA.job
[2010/12/03 21:04:14 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2169320968-599245421-172382840-1004UA.job
[2010/12/03 21:04:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/12/03 13:27:21 | 000,041,277 | ---- | M] () -- C:\Users\Charis\Documents\Sum and Substance Lectures.docx
[2010/12/03 10:09:27 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/03 05:52:00 | 000,079,360 | ---- | M] () -- C:\Users\Charis\Desktop\Copy of Spring 2011 Course Listings.xls
[2010/12/03 05:43:22 | 000,030,720 | ---- | M] () -- C:\Users\Charis\Desktop\Fall 2010 Exam Locations.doc
[2010/12/03 04:15:56 | 000,047,624 | ---- | M] () -- C:\windows\SysWow64\wuwuninst.exe
[2010/12/03 04:15:46 | 000,000,301 | ---- | M] () -- C:\windows\{7E4E05C1-3914-4130-9F4E-A5EC84FEAA7E}_WiseFW.ini
[2010/12/03 04:15:27 | 000,002,899 | ---- | M] () -- C:\Users\Charis\Desktop\Electronic Bluebook.lnk
[2010/12/03 04:11:58 | 011,009,672 | ---- | M] () -- C:\Users\Charis\Desktop\ElectronicBluebookSetup.exe
[2010/12/03 01:49:59 | 000,010,704 | ---- | M] () -- C:\Users\Charis\Documents\Sum and Substance.xlsx
[2010/12/03 01:00:11 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2169320968-599245421-172382840-1004Core.job
[2010/12/03 00:55:48 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2169320968-599245421-172382840-1003Core.job
[2010/12/01 21:46:52 | 000,019,776 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/01 21:46:52 | 000,019,776 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/01 21:37:56 | 000,000,442 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/12/01 21:37:17 | 3192,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/01 20:17:47 | 000,018,485 | ---- | M] () -- C:\Users\Charis\Documents\Budget for 2010-11.xlsx
[2010/12/01 13:47:56 | 000,008,749 | ---- | M] () -- C:\Users\Charis\Desktop\December payments.xlsx
[2010/11/30 20:53:38 | 000,041,938 | ---- | M] () -- C:\Users\Charis\Desktop\Possible Jobs.docx
[2010/11/30 17:46:21 | 000,288,337 | ---- | M] () -- C:\Users\Charis\Desktop\CLIP Case Review.pdf
[2010/11/30 09:43:27 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/30 09:34:28 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/30 03:25:58 | 000,743,140 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2010/11/30 03:25:58 | 000,150,254 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2010/11/30 03:25:57 | 000,893,034 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2010/11/29 12:39:17 | 000,047,616 | ---- | M] () -- C:\Users\Charis\Desktop\Copy of Spring 2011 schedule draft Nov 19-1.xls
[2010/11/29 09:07:07 | 000,029,184 | ---- | M] () -- C:\Users\Charis\Desktop\Track Form advocacy.doc
[2010/11/23 22:10:40 | 000,238,557 | ---- | M] () -- C:\Users\Charis\Desktop\Crossroads Discussion.pdf
[2010/11/23 22:09:01 | 000,456,234 | ---- | M] () -- C:\Users\Charis\Desktop\Campbell Crossroads.pdf
[2010/11/23 22:05:15 | 000,270,110 | ---- | M] () -- C:\Users\Charis\Desktop\OKAC.pdf
[2010/11/23 22:04:35 | 000,742,889 | ---- | M] () -- C:\Users\Charis\Desktop\Receipts Student Groups.pdf
[2010/11/23 21:56:41 | 000,755,482 | ---- | M] () -- C:\Users\Charis\Desktop\20101123211338624.pdf
[2010/11/23 21:54:57 | 000,880,033 | ---- | M] () -- C:\Users\Charis\Documents\OKAC Receipt.docx
[2010/11/23 21:48:44 | 000,755,482 | ---- | M] () -- C:\Users\Charis\Desktop\OKAC Receipt.pdf
[2010/11/23 20:58:32 | 000,000,158 | ---- | M] () -- C:\windows\SysNative\ricdb.ini
[2010/11/23 20:54:33 | 024,625,918 | ---- | M] () -- C:\Users\Charis\Desktop\win64_install.exe
[2010/11/23 20:04:19 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2010/11/23 20:01:39 | 000,039,424 | ---- | M] () -- C:\Users\Charis\Desktop\Check Request Form.doc
[2010/11/23 19:56:09 | 000,039,424 | ---- | M] () -- C:\Users\Charis\Desktop\Check Request Form- CC DG.doc
[2010/11/23 19:54:45 | 000,039,424 | ---- | M] () -- C:\Users\Charis\Desktop\Check Request Form- CC IM.doc
[2010/11/22 19:44:10 | 001,008,936 | ---- | M] () -- C:\Users\Charis\Desktop\AmazonMP3Installer.exe
[2010/11/14 14:05:57 | 000,034,560 | ---- | M] () -- C:\windows\SysWow64\drivers\Normandy.sys
[2010/11/14 06:36:21 | 000,000,162 | -H-- | M] () -- C:\Users\Charis\Desktop\~$4_us_549.rtf
[2010/11/14 06:35:04 | 000,000,162 | -H-- | M] () -- C:\Users\Charis\Desktop\~$5_us_144.rtf
[2010/11/14 06:31:43 | 000,000,162 | -H-- | M] () -- C:\Users\Charis\Desktop\~$me_printz_and_united_state.rtf
[2010/11/14 05:56:01 | 000,000,162 | -H-- | M] () -- C:\Users\Charis\Desktop\~$sics of FLC.docx
[2010/11/13 21:11:38 | 000,008,608 | ---- | M] () -- C:\Users\Charis\Desktop\Timeline for Sunday.xlsx
[2010/11/13 08:58:02 | 000,054,323 | ---- | M] () -- C:\Users\Charis\Desktop\101113_aungsansuukyufree.grid-8x2.jpg
[2010/11/12 13:35:36 | 000,259,916 | ---- | M] () -- C:\Users\Charis\Desktop\Best Buy Consumer - Importa..pdf
[2010/11/12 13:34:32 | 000,079,275 | ---- | M] () -- C:\Users\Charis\Desktop\Best Buy Consumer - eSignature.pdf
[2010/11/12 09:54:07 | 000,012,081 | ---- | M] () -- C:\Users\Charis\Desktop\DQ 1.docx
[2010/11/11 11:58:16 | 000,003,297 | ---- | M] () -- C:\Users\Charis\Desktop\013 - Shortcut.lnk
[2010/11/11 11:57:54 | 000,003,492 | ---- | M] () -- C:\Users\Charis\Desktop\1145 - Shortcut.lnk
[2010/11/10 01:53:31 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/10 00:06:57 | 000,019,528 | ---- | M] () -- C:\windows\SysNative\drivers\hitmanpro35.sys
[2010/11/07 06:44:50 | 000,001,448 | ---- | M] () -- C:\Users\Charis\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/07 00:33:02 | 000,000,000 | ---- | M] () -- C:\windows\nsreg.dat
[2010/11/07 00:32:07 | 000,001,974 | ---- | M] () -- C:\Users\Charis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/07 00:32:07 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/06 21:17:05 | 000,000,000 | ---- | M] () -- C:\Users\Charis\defogger_reenable
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Charis\Documents\*.tmp files -> C:\Users\Charis\Documents\*.tmp -> ]
[1 C:\Users\Charis\Desktop\*.tmp files -> C:\Users\Charis\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/03 05:52:00 | 000,079,360 | ---- | C] () -- C:\Users\Charis\Desktop\Copy of Spring 2011 Course Listings.xls
[2010/12/03 05:43:21 | 000,030,720 | ---- | C] () -- C:\Users\Charis\Desktop\Fall 2010 Exam Locations.doc
[2010/12/03 04:15:27 | 000,002,899 | ---- | C] () -- C:\Users\Charis\Desktop\Electronic Bluebook.lnk
[2010/12/03 04:15:13 | 000,000,301 | ---- | C] () -- C:\windows\{7E4E05C1-3914-4130-9F4E-A5EC84FEAA7E}_WiseFW.ini
[2010/12/03 04:11:52 | 011,009,672 | ---- | C] () -- C:\Users\Charis\Desktop\ElectronicBluebookSetup.exe
[2010/12/01 13:47:56 | 000,008,749 | ---- | C] () -- C:\Users\Charis\Desktop\December payments.xlsx
[2010/11/30 20:53:37 | 000,041,938 | ---- | C] () -- C:\Users\Charis\Desktop\Possible Jobs.docx
[2010/11/30 18:09:19 | 000,041,277 | ---- | C] () -- C:\Users\Charis\Documents\Sum and Substance Lectures.docx
[2010/11/30 17:59:13 | 000,010,704 | ---- | C] () -- C:\Users\Charis\Documents\Sum and Substance.xlsx
[2010/11/30 17:46:33 | 000,288,337 | ---- | C] () -- C:\Users\Charis\Desktop\CLIP Case Review.pdf
[2010/11/30 09:43:27 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/30 09:34:28 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/23 22:10:54 | 000,238,557 | ---- | C] () -- C:\Users\Charis\Desktop\Crossroads Discussion.pdf
[2010/11/23 22:09:14 | 000,456,234 | ---- | C] () -- C:\Users\Charis\Desktop\Campbell Crossroads.pdf
[2010/11/23 22:05:25 | 000,270,110 | ---- | C] () -- C:\Users\Charis\Desktop\OKAC.pdf
[2010/11/23 22:04:52 | 000,742,889 | ---- | C] () -- C:\Users\Charis\Desktop\Receipts Student Groups.pdf
[2010/11/23 21:56:41 | 000,755,482 | ---- | C] () -- C:\Users\Charis\Desktop\20101123211338624.pdf
[2010/11/23 21:54:54 | 000,880,033 | ---- | C] () -- C:\Users\Charis\Documents\OKAC Receipt.docx
[2010/11/23 21:48:44 | 000,755,482 | ---- | C] () -- C:\Users\Charis\Desktop\OKAC Receipt.pdf
[2010/11/23 20:54:26 | 024,625,918 | ---- | C] () -- C:\Users\Charis\Desktop\win64_install.exe
[2010/11/23 20:04:19 | 000,000,000 | ---- | C] () -- C:\install.rdf
[2010/11/23 19:51:00 | 000,039,424 | ---- | C] () -- C:\Users\Charis\Desktop\Check Request Form- CC DG.doc
[2010/11/23 19:50:09 | 000,039,424 | ---- | C] () -- C:\Users\Charis\Desktop\Check Request Form- CC IM.doc
[2010/11/22 19:44:05 | 001,008,936 | ---- | C] () -- C:\Users\Charis\Desktop\AmazonMP3Installer.exe
[2010/11/22 07:28:11 | 000,039,424 | ---- | C] () -- C:\Users\Charis\Desktop\Check Request Form.doc
[2010/11/19 22:28:58 | 000,047,616 | ---- | C] () -- C:\Users\Charis\Desktop\Copy of Spring 2011 schedule draft Nov 19-1.xls
[2010/11/19 22:17:36 | 000,029,184 | ---- | C] () -- C:\Users\Charis\Desktop\Track Form advocacy.doc
[2010/11/14 13:24:45 | 000,034,560 | ---- | C] () -- C:\windows\SysWow64\drivers\Normandy.sys
[2010/11/14 06:36:21 | 000,000,162 | -H-- | C] () -- C:\Users\Charis\Desktop\~$4_us_549.rtf
[2010/11/14 06:35:04 | 000,000,162 | -H-- | C] () -- C:\Users\Charis\Desktop\~$5_us_144.rtf
[2010/11/14 06:31:43 | 000,000,162 | -H-- | C] () -- C:\Users\Charis\Desktop\~$me_printz_and_united_state.rtf
[2010/11/14 05:56:01 | 000,000,162 | -H-- | C] () -- C:\Users\Charis\Desktop\~$sics of FLC.docx
[2010/11/13 21:10:20 | 000,008,608 | ---- | C] () -- C:\Users\Charis\Desktop\Timeline for Sunday.xlsx
[2010/11/13 08:58:01 | 000,054,323 | ---- | C] () -- C:\Users\Charis\Desktop\101113_aungsansuukyufree.grid-8x2.jpg
[2010/11/12 13:35:44 | 000,259,916 | ---- | C] () -- C:\Users\Charis\Desktop\Best Buy Consumer - Importa..pdf
[2010/11/12 13:34:54 | 000,079,275 | ---- | C] () -- C:\Users\Charis\Desktop\Best Buy Consumer - eSignature.pdf
[2010/11/12 09:54:07 | 000,012,081 | ---- | C] () -- C:\Users\Charis\Desktop\DQ 1.docx
[2010/11/11 11:58:16 | 000,003,297 | ---- | C] () -- C:\Users\Charis\Desktop\013 - Shortcut.lnk
[2010/11/11 11:57:54 | 000,003,492 | ---- | C] () -- C:\Users\Charis\Desktop\1145 - Shortcut.lnk
[2010/11/10 01:53:31 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/07 01:08:53 | 000,072,533 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2010/11/07 01:08:53 | 000,072,533 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2010/11/07 00:33:02 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/11/07 00:32:07 | 000,001,974 | ---- | C] () -- C:\Users\Charis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/07 00:32:07 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/06 21:17:05 | 000,000,000 | ---- | C] () -- C:\Users\Charis\defogger_reenable
[2010/09/19 07:31:54 | 000,000,000 | ---- | C] () -- C:\Users\Charis\AppData\Local\Wyuyapevafiy.bin
[2010/09/19 07:31:53 | 000,000,120 | ---- | C] () -- C:\Users\Charis\AppData\Local\Fyezamecusur.dat
[2010/01/24 16:15:50 | 000,030,752 | ---- | C] () -- C:\windows\cfgall.ini
[2010/01/23 22:39:23 | 000,000,442 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/12 22:02:14 | 000,000,014 | RHS- | C] () -- C:\windows\SysWow64\drivers\fbd.sys
[2009/11/05 15:00:27 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/11/05 13:39:50 | 000,887,250 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/01/04 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\Amazon
[2009/11/18 06:50:36 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\Blackberry Desktop
[2009/11/14 09:12:19 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\ESET
[2010/05/24 20:45:48 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\Fingerfox (SE)
[2010/03/15 18:08:23 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\MysteryStudio
[2009/11/12 22:55:23 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\OPHA
[2009/12/20 20:47:21 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\PlayFirst
[2010/11/21 14:24:42 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\Playrix Entertainment
[2010/11/06 23:38:41 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\QuickScan
[2009/11/18 06:00:28 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\Research In Motion
[2009/11/12 22:26:01 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\TFPU
[2010/08/12 11:10:23 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\toshiba
[2009/12/22 08:19:41 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\TuneUp Software
[2009/11/18 23:13:59 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\WildTangent
[2009/11/12 22:01:50 | 000,000,000 | ---D | M] -- C:\Users\Charis\AppData\Roaming\WinBatch
[2009/11/14 09:12:19 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\ESET
[2010/11/19 00:06:10 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Eye-Fi
[2010/09/04 14:35:48 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\GlarySoft
[2009/11/14 20:36:11 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\OPHA
[2009/11/26 11:01:05 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Research In Motion
[2009/11/12 23:04:07 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\TFPU
[2010/07/17 13:50:27 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\TightVNC
[2009/12/02 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Toshiba
[2009/12/22 00:25:39 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\TuneUp Software
[2009/12/02 20:56:24 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Ulead Systems
[2009/11/26 13:55:28 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\WildTangent
[2010/01/31 01:18:58 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\WinBatch
[2010/10/13 11:09:11 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:887EAE14
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:9A647C37
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DA23AD9A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:3B4DA230
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DB258930
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:891DBAFE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:32A82570
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:40464012

< End of report >

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:08:34 AM

Posted 04 December 2010 - 07:45 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • You will be presented with a beta disclaimer; you can click OK to allow ComboFix to run.
  • Follow the prompts
When finished, it shall produce a log for you. Please include the C:\Log.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 linknc

linknc
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:34 AM

Posted 04 December 2010 - 12:24 PM

ComboFix 10-12-03.03 - Charis 12/04/2010 12:14:06.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4059.2154 [GMT -5:00]
Running from: c:\users\Charis\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Charis\AppData\Local\{7613BE21-7BFF-42D7-B5A0-40C656C797E4}
c:\users\Charis\AppData\Local\{7613BE21-7BFF-42D7-B5A0-40C656C797E4}\chrome.manifest
c:\users\Charis\AppData\Local\{7613BE21-7BFF-42D7-B5A0-40C656C797E4}\chrome\content\_cfg.js
c:\users\Charis\AppData\Local\{7613BE21-7BFF-42D7-B5A0-40C656C797E4}\chrome\content\overlay.xul
c:\users\Charis\AppData\Local\{7613BE21-7BFF-42D7-B5A0-40C656C797E4}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))
.

2010-12-04 17:19 . 2010-12-04 17:19 -------- d-----w- c:\users\Marty\AppData\Local\temp
2010-12-04 17:19 . 2010-12-04 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-04 17:11 . 2010-12-04 17:11 -------- d-----w- C:\32788R22FWJFW
2010-12-04 12:21 . 2010-12-04 12:21 -------- d-----w- c:\programdata\The Game Equation
2010-12-04 12:18 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{229291D4-A11B-44AB-AF39-D5E123EC970E}\mpengine.dll
2010-12-03 09:15 . 2010-12-03 09:15 36864 ----a-r- c:\users\Charis\AppData\Roaming\Microsoft\Installer\{7E4E05C1-3914-4130-9F4E-A5EC84FEAA7E}\Icon90E003EA.exe
2010-12-03 09:15 . 2010-12-03 09:15 20480 ----a-r- c:\users\Charis\AppData\Roaming\Microsoft\Installer\{7E4E05C1-3914-4130-9F4E-A5EC84FEAA7E}\Icon90E003EA1.exe
2010-11-30 14:42 . 2010-11-30 14:42 -------- d-----w- c:\program files\iPod
2010-11-30 14:42 . 2010-11-30 14:43 -------- d-----w- c:\program files\iTunes
2010-11-30 14:42 . 2010-11-30 14:43 -------- d-----w- c:\program files (x86)\iTunes
2010-11-30 14:38 . 2010-11-30 14:38 -------- d-----w- c:\program files\Bonjour
2010-11-30 14:38 . 2010-11-30 14:38 -------- d-----w- c:\program files (x86)\Bonjour
2010-11-30 14:34 . 2010-11-30 14:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-11-30 14:34 . 2010-11-30 14:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2010-11-30 14:34 . 2010-11-30 14:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-11-30 14:34 . 2010-11-30 14:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-11-30 14:34 . 2010-11-30 14:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-11-30 14:34 . 2010-11-30 14:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-11-30 14:34 . 2010-11-30 14:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-11-30 14:34 . 2010-11-30 14:34 -------- d-----w- c:\program files (x86)\QuickTime
2010-11-25 19:00 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-25 19:00 . 2010-11-09 03:52 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-25 19:00 . 2010-11-09 03:55 1502208 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-25 19:00 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2010-11-19 05:05 . 2010-11-19 05:05 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2010-11-19 04:57 . 2010-12-02 05:23 -------- d-----w- c:\users\Marty\AppData\Local\Adobe
2010-11-19 04:56 . 2010-11-19 04:56 -------- d-----w- c:\program files (x86)\Eye-Fi
2010-11-19 01:39 . 2010-11-21 19:24 -------- d-----w- c:\users\Charis\AppData\Roaming\Playrix Entertainment
2010-11-19 01:37 . 2010-12-04 12:19 -------- d-----w- C:\GameHouse Games
2010-11-18 18:36 . 2010-11-23 00:48 -------- d-----w- c:\users\Charis\AppData\Local\Apple Computer
2010-11-16 14:26 . 2010-11-16 14:26 -------- d-----w- c:\users\Charis\AppData\Local\Apple
2010-11-14 18:24 . 2010-11-14 19:05 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2010-11-14 18:21 . 2010-11-14 18:21 -------- d-----w- c:\program files\7-Zip
2010-11-12 20:57 . 2010-11-12 20:57 -------- d-----w- c:\windows\Sun
2010-11-11 12:24 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-10 10:48 . 2010-11-10 10:48 -------- d-----w- c:\users\Charis\AppData\Local\Adobe
2010-11-10 06:53 . 2010-11-10 06:53 -------- d-----w- c:\program files (x86)\Microsoft Antimalware
2010-11-10 06:53 . 2010-11-10 06:53 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-10 06:44 . 2010-11-10 06:44 -------- d-----w- c:\program files (x86)\Windows Live Safety Center
2010-11-10 05:24 . 2010-11-10 05:24 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2010-11-09 08:57 . 2010-10-08 00:12 8006480 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97660E8B-CA4B-4C67-99EC-923C45683249}\mpengine.dll
2010-11-08 15:40 . 2010-11-23 17:27 -------- d-----w- c:\programdata\Playrix Entertainment
2010-11-07 06:07 . 2010-05-09 09:46 466432 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-11-07 06:07 . 2010-05-09 09:46 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-11-07 06:07 . 2010-05-09 09:15 279552 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2010-11-07 06:07 . 2010-05-09 09:15 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2010-11-07 06:06 . 2010-06-26 05:31 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-11-07 06:06 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2010-11-07 06:06 . 2010-11-25 19:00 -------- d-----w- c:\program files (x86)\Feedback Tool
2010-11-07 05:41 . 2010-11-07 05:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-11-07 05:40 . 2010-09-15 08:50 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-07 04:43 . 2010-12-03 09:14 -------- d-----w- c:\windows\system32\appmgmt
2010-11-06 17:29 . 2010-11-06 17:29 -------- d-----w- c:\users\Marty\AppData\Roaming\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-03 09:15 . 2009-12-09 20:10 47624 ----a-w- c:\windows\SysWow64\wuwuninst.exe
2010-11-10 05:06 . 2010-11-03 03:48 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-03 04:27 . 2010-11-03 04:27 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-03 03:39 . 2010-11-03 03:39 388096 ----a-r- c:\users\Marty\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-24 23:55 . 2010-10-24 23:55 53248 ----a-r- c:\users\Charis\AppData\Roaming\Microsoft\Installer\{23C12370-3A82-4558-B727-F345B473AD87}\ARPPRODUCTICON.exe
2010-10-19 20:51 . 2009-11-13 03:21 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 17:36 . 2010-10-07 17:36 96544 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:36 . 2010-10-07 17:36 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 17:36 . 2010-10-07 17:36 237856 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 17:36 . 2010-10-07 17:36 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2010-10-07 17:23 . 2010-10-07 17:23 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2010-10-07 17:23 . 2010-10-07 17:23 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2010-09-23 11:13 . 2010-09-19 12:31 0 ----a-w- c:\users\Charis\AppData\Local\Wyuyapevafiy.bin
2010-09-23 04:32 . 2010-09-23 04:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 18:49 . 2010-09-21 18:49 252800 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-21 18:03 . 2010-09-21 18:03 208768 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35 . 2010-10-27 08:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35 . 2010-10-27 08:37 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Google Update"="c:\users\Charis\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-25 136176]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-24 2684256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-15 135664]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-11-10 19528]
R3 Normandy;Normandy SR2; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1255736]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S1 PMCF;PMCF;c:\windows\system32\drivers\PMCF.sys [2009-07-28 16448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2009-08-04 2688248]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2007-10-10 237784]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-04 734720]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 40832]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-15 23:09]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-15 23:09]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2169320968-599245421-172382840-1003Core.job
- c:\users\Charis\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-25 01:20]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2169320968-599245421-172382840-1003UA.job
- c:\users\Charis\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-25 01:20]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2169320968-599245421-172382840-1004Core.job
- c:\users\Marty\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 21:15]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2169320968-599245421-172382840-1004UA.job
- c:\users\Marty\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 21:15]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]
@="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"
[HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]
2009-08-21 05:17 153520 ----a-w- c:\program files\TOSHIBA\TFPU\TFPUOverlayIcon.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-24 8081952]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-22 312832]
"TFPUPWDBankService"="c:\program files\TOSHIBA\TFPU\TFPUPWDBank.exe" [2009-08-21 924080]
"TFPUService"="c:\program files\TOSHIBA\TFPU\TFPUTaskMonitor.exe" [2009-08-21 792496]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 709976]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2916584]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Charis\AppData\Roaming\Mozilla\Firefox\Profiles\4f3xs95m.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Charis\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Charis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Charis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
AddRemove-Web Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-04 12:22:50
ComboFix-quarantined-files.txt 2010-12-04 17:22

Pre-Run: 421,129,437,184 bytes free
Post-Run: 421,029,724,160 bytes free

- - End Of File - - 13B8F3D2F62D9D7FD8CEC77DC977E21C

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:08:34 AM

Posted 04 December 2010 - 12:47 PM

How are things running now?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 linknc

linknc
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:34 AM

Posted 04 December 2010 - 04:44 PM

Hello Elise,

So far so good, it has always been random, so right now it seems to be fixed.

Thanks so much for your help!!

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:08:34 AM

Posted 04 December 2010 - 05:04 PM

Hi again, please keep me posted on that.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  • Push the Posted Image button.
  • Push Posted Image

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




