
I think I am infected


  • This topic is locked
22 replies to this topic

#1 blank.black

blank.black

  • Members
  • 111 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:46 PM

Posted 23 June 2011 - 04:42 AM

Posting my logs here as directed by boopme in this thread - http://www.bleepingcomputer.com/forums/topic405061.html

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by pp1 at 13:26:39 on 2011-06-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1400 [GMT 5.5:30]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{29D8CC25-08F5-49E3-950B-A5DF17042DD1} : DhcpNameServer = 192.168.1.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pp1\appdata\roaming\mozilla\firefox\profiles\5v365dbx.default\
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2011-6-8 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2011-6-8 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2011-6-8 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110623.001\IDSvix86.sys [2011-6-23 367736]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-11 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2011-6-8 117640]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-12 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-7 105592]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2011-6-7 7680]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2011-6-7 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-22 362600]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-27 1011232]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2011-6-8 48688]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-6-7 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-4 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-7 1343400]
.
=============== Created Last 30 ================
.
2011-06-22 17:28:19 -------- d-----w- c:\users\pp1\appdata\roaming\SUPERAntiSpyware.com
2011-06-22 17:28:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-22 17:28:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-22 17:13:27 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-22 17:13:26 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-16 08:35:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 08:35:24 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-16 08:35:23 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 08:12:18 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 08:12:18 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 08:12:18 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 08:12:08 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 08:12:08 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 08:12:04 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 08:08:17 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 08:08:15 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 08:08:15 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 08:08:15 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-09 08:28:09 -------- d-----w- c:\programdata\Panda Security
2011-06-09 08:28:06 -------- d-----w- c:\program files\Panda USB Vaccine
2011-06-09 01:26:42 -------- d-----w- c:\program files\MSXML 4.0
2011-06-08 06:59:36 -------- d-----w- c:\users\pp1\appdata\roaming\Malwarebytes
2011-06-08 06:59:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-08 06:59:29 -------- d-----w- c:\programdata\Malwarebytes
2011-06-08 06:59:26 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-08 06:59:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-08 06:56:08 -------- d-----w- c:\users\pp1\appdata\local\Apple Computer
2011-06-08 06:55:36 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-08 06:55:36 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-06-08 06:55:16 -------- d-----w- c:\program files\iPod
2011-06-08 06:55:15 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-06-08 06:55:15 -------- d-----w- c:\program files\iTunes
2011-06-08 06:53:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-06-08 06:53:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-06-08 06:53:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-06-08 06:53:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-06-08 06:53:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-06-08 06:53:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-06-08 06:53:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-06-08 06:53:23 -------- d-----w- c:\users\pp1\appdata\local\Apple
2011-06-08 06:53:05 -------- d-----w- c:\program files\Bonjour
2011-06-08 03:43:39 -------- d-----r- c:\program files\Skype
2011-06-08 00:51:40 89904 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symfw.sys
2011-06-08 00:51:40 48688 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symndisv.sys
2011-06-08 00:51:40 43696 ----a-w- c:\windows\system32\drivers\nis\1008000.029\srtspx.sys
2011-06-08 00:51:40 36400 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symndis.sys
2011-06-08 00:51:40 33072 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symids.sys
2011-06-08 00:51:40 310320 ----a-w- c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys
2011-06-08 00:51:40 308272 ----a-w- c:\windows\system32\drivers\nis\1008000.029\srtsp.sys
2011-06-08 00:51:40 217136 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symtdi.sys
2011-06-08 00:51:39 259632 ----a-w- c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys
2011-06-08 00:51:31 482432 ----a-w- c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys
2011-06-08 00:51:30 -------- d-----w- c:\windows\system32\drivers\nis\1008000.029
2011-06-07 22:27:37 -------- d-----w- c:\windows\system32\Adobe
2011-06-07 22:27:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 20:45:18 -------- d-----w- c:\windows\system32\SPReview
2011-06-07 20:44:18 -------- d-----w- c:\windows\system32\EventProviders
2011-06-07 20:38:59 97280 ----a-w- c:\windows\system32\dwmredir.dll
2011-06-07 20:06:35 -------- d-----w- c:\users\pp1\appdata\local\Diagnostics
2011-06-07 08:17:50 -------- d-----w- c:\windows\system32\Wat
2011-06-07 08:15:52 -------- d-----w- c:\users\pp1\appdata\local\ElevatedDiagnostics
2011-06-07 07:18:45 -------- d-----r- C:\Sandbox
2011-06-07 07:17:22 -------- d-----w- c:\program files\Sandboxie
2011-06-07 07:16:21 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-06-07 07:16:21 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-06-07 07:16:20 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-06-07 07:16:15 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-06-07 07:16:15 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-07 06:40:32 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-07 06:35:44 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-06-07 06:35:11 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-06-07 06:35:08 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-06-07 06:35:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-06-07 06:35:08 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-06-07 06:31:29 2616320 ----a-w- c:\windows\explorer.exe
2011-06-07 06:31:22 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-07 06:31:11 802304 ----a-w- c:\windows\system32\WFS.exe
2011-06-07 06:31:11 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-06-07 06:30:31 -------- d-----w- c:\users\pp1\appdata\roaming\WildTangent
2011-06-07 06:28:42 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-06-07 06:28:42 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-06-07 06:27:55 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-07 06:25:43 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-06-07 06:16:32 -------- d-----r- c:\program files\Norton Support
2011-06-07 06:16:21 -------- d-----w- c:\users\pp1\appdata\local\Symantec
2011-06-07 05:20:55 -------- d-----w- c:\users\pp1\Tracing
2011-06-07 05:13:42 -------- d-----w- c:\users\pp1\appdata\local\TOSHIBA_Corporation
2011-06-07 03:19:54 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-06-07 03:19:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-06-07 03:19:52 -------- d-----w- c:\program files\Symantec
2011-06-07 03:19:52 -------- d-----w- c:\program files\common files\Symantec Shared
2011-06-07 02:49:15 -------- d-----w- c:\users\pp1\appdata\local\Adobe
2011-06-07 02:37:06 -------- d-----w- c:\users\pp1\appdata\local\Google
2011-06-07 02:14:11 -------- d-----w- c:\users\pp1\appdata\local\TOSHIBA
2011-06-07 01:53:14 -------- d-----w- c:\program files\common files\Toshiba Shared
2011-06-07 01:53:10 275536 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2011-06-07 01:53:09 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-06-07 01:52:25 -------- d-----w- c:\programdata\Symantec
2011-06-07 01:52:07 -------- d-----w- c:\windows\system32\drivers\NIS
2011-06-07 01:52:06 -------- d-----w- c:\programdata\Norton
2011-06-07 01:52:06 -------- d-----w- c:\program files\Norton Internet Security
2011-06-07 01:52:02 -------- d-----w- c:\programdata\NortonInstaller
2011-06-07 01:52:02 -------- d-----w- c:\program files\NortonInstaller
2011-06-07 01:50:15 24064 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2011-06-07 01:47:51 24576 ----a-w- c:\windows\system32\TSCI.dll
2011-06-07 01:47:51 24576 ----a-w- c:\windows\system32\THCI.dll
2011-06-07 01:47:34 9728 ----a-w- c:\windows\system32\TCMSVR.dll
2011-06-07 01:47:34 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2011-06-07 01:47:33 7680 ----a-w- c:\windows\system32\drivers\FwLnk.sys
2011-06-07 01:47:33 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-06-07 01:47:33 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-06-07 01:47:33 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-06-07 01:47:33 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-06-07 01:47:32 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-06-07 01:47:32 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-06-07 01:47:32 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-06-07 01:46:51 -------- d-----w- c:\program files\Realtek WLAN Driver
2011-06-07 01:46:08 -------- d-----w- c:\program files\Synaptics
2011-06-07 01:44:39 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-06-07 01:44:39 -------- d-----w- c:\program files\Realtek
2011-06-07 01:42:25 -------- d-----w- c:\windows\system32\Lang
2011-06-07 01:42:24 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-06-07 01:40:28 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-06-07 01:40:12 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant
2011-06-07 01:33:32 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-06-07 01:33:32 32656 ----a-w- c:\windows\system32\msonpmon.dll
.
==================== Find3M ====================
.
2011-06-07 20:49:02 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-07 02:12:49 16 --sh--r- c:\windows\system32\drivers\fbd.sys
2011-04-26 05:58:12 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-26 05:58:12 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 13:27:32.83 ===============



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:46 AM

Posted 03 July 2011 - 07:23 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 blank.black

blank.black
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:46 PM

Posted 04 July 2011 - 10:15 AM

Hello m0le,

Thank you for your response.

I have not installed or uninstalled anything since I started this process. Please send me the required instructions.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:46 AM

Posted 04 July 2011 - 06:35 PM

Please run both MBAM and SAS

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

m0le is a proud member of UNITE

#5 blank.black

blank.black
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:46 PM

Posted 05 July 2011 - 07:34 AM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7026

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/5/2011 5:32:11 PM
mbam-log-2011-07-05 (17-32-11).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 272245
Time elapsed: 15 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/05/2011 at 05:54 PM

Application Version : 4.55.1000

Core Rules Database Version : 7370
Trace Rules Database Version: 5182

Scan type : Complete Scan
Total Scan Time : 00:20:07

Memory items scanned : 347
Memory threats detected : 0
Registry items scanned : 9819
Registry threats detected : 0
File items scanned : 23044
File threats detected : 0

Edited by blank.black, 05 July 2011 - 07:37 AM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:46 AM

Posted 05 July 2011 - 06:00 PM

That's the cleanest log you can get for those two programs. Let's look for rootkit activity now.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#7 blank.black

blank.black
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:46 PM

Posted 06 July 2011 - 01:02 AM

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-06 11:27:57
-----------------------------
11:27:57.441 OS Version: Windows 6.1.7601 Service Pack 1
11:27:57.441 Number of processors: 2 586 0x170A
11:27:57.441 ComputerName: pp1 UserName: pp1
11:27:59.952 Initialize success
11:28:17.405 AVAST engine download error: 0
11:28:58.292 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:28:58.292 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
11:28:58.339 Disk 0 MBR read successfully
11:28:58.339 Disk 0 MBR scan
11:28:58.355 Disk 0 unknown MBR code
11:28:58.355 Disk 0 scanning sectors +625141760
11:28:58.402 Disk 0 scanning C:\windows\system32\drivers
11:29:07.044 Service scanning
11:29:08.027 Disk 0 trace - called modules:
11:29:08.074 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
11:29:08.089 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bfcac8]
11:29:08.089 3 CLASSPNP.SYS[8b20459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85dec028]
11:29:08.105 Scan finished successfully
11:29:20.460 Disk 0 MBR has been saved successfully to "C:\Users\pp1\Desktop\MBR.dat"
11:29:20.460 The log file has been saved successfully to "C:\Users\pp1\Desktop\aswMBR.txt"

#8 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:46 AM

Posted 06 July 2011 - 02:20 PM

It doesn't recognise the master boot record, so we just need to confirm that. Run MBRCheck.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#9 blank.black

  • Topic Starter
  • Members
  • 111 posts
  • Gender:Male
  • Local time:09:46 PM

Posted 07 July 2011 - 11:43 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L505
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 176):

Processes (total 66):
0 System Idle Process
4 System
308 C:\Windows\System32\smss.exe
448 csrss.exe
512 csrss.exe
528 C:\Windows\System32\wininit.exe
568 C:\Windows\System32\winlogon.exe
616 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
656 C:\Windows\System32\lsm.exe
728 C:\Windows\System32\svchost.exe
808 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1168 C:\Program Files\Sandboxie\SbieSvc.exe
1280 C:\Windows\System32\svchost.exe
1484 C:\Windows\System32\spoolsv.exe
1512 C:\Windows\System32\svchost.exe
1592 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1616 C:\Program Files\Bonjour\mDNSResponder.exe
1676 C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
1852 C:\Windows\System32\TODDSrv.exe
1892 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
1968 C:\Program Files\TOSHIBA\TECO\TecoService.exe
464 C:\Windows\System32\SearchIndexer.exe
2392 C:\Windows\System32\svchost.exe
2588 C:\Windows\System32\taskhost.exe
2604 C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
2656 C:\Windows\System32\dwm.exe
2768 C:\Windows\explorer.exe
2884 C:\Program Files\Panda USB Vaccine\USBVaccine.exe
3100 C:\Windows\System32\igfxtray.exe
3108 C:\Windows\System32\hkcmd.exe
3124 C:\Windows\System32\igfxpers.exe
3184 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3192 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3200 C:\Windows\System32\igfxsrvc.exe
3228 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
3332 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
3376 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
3420 C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
3428 C:\Program Files\TOSHIBA\TECO\TEco.exe
3768 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3796 C:\Program Files\Sandboxie\SbieCtrl.exe
3868 C:\Windows\System32\svchost.exe
4024 C:\Program Files\iPod\bin\iPodService.exe
2384 C:\Windows\System32\igfxext.exe
3704 C:\Windows\System32\taskeng.exe
3532 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
3296 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
3640 C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
2564 C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
2628 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
4016 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
2732 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
1156 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
816 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
4208 C:\Windows\System32\audiodg.exe
5816 C:\Windows\System32\svchost.exe
4368 taskhost.exe
4408 dllhost.exe
4124 dllhost.exe
4224 C:\Users\pp1\Desktop\MBRCheck.exe
4524 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-26ZCT0, Rev: 12.01A12

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

#10 blank.black

  • Topic Starter
  • Members
  • 111 posts
  • Gender:Male
  • Local time:09:46 PM

Posted 07 July 2011 - 11:45 AM

Also, my Norton Antivirus has expired. Can I uninstall it and install another antivirus program at this time or should I wait?

#11 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:46 AM

Posted 07 July 2011 - 06:33 PM

Yes, install a new antivirus now.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

m0le is a proud member of UNITE

#12 blank.black

  • Topic Starter
  • Members
  • 111 posts
  • Gender:Male
  • Local time:09:46 PM

Posted 08 July 2011 - 01:09 PM

OTL logfile created on: 7/8/2011 11:20:07 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\pp1\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 72.92% Memory free
5.74 Gb Paging File | 4.90 Gb Available in Paging File | 85.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.62 Gb Total Space | 239.72 Gb Free Space | 83.06% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: PC-TECH | User Name: pp1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\pp1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TECO\TEco.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Users\pp1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tos_sps32) -- C:\windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (Serial) -- C:\windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (atikmdag) -- C:\windows\system32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 22:43:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/07/08 20:13:24 | 000,000,000 | ---D | M]

[2011/06/07 13:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pp1\AppData\Roaming\Mozilla\Extensions
[2011/07/04 21:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pp1\AppData\Roaming\Mozilla\Firefox\Profiles\5v365dbx.default\extensions
[2011/07/08 20:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/22 22:43:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
() (No name found) -- C:\USERS\pp1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5V365DBX.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\pp1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5V365DBX.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\pp1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5V365DBX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/06/22 22:43:26 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 13:30:00 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/01/01 13:30:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 13:30:00 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2010/01/01 13:30:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/01/01 13:30:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/01/01 13:30:00 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 22:48:24 | 002,322,184 | ---- | C] (ESET) -- C:\Users\pp1\Desktop\esetsmartinstaller_enu.exe
[2011/07/08 21:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/08 21:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/08 21:40:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/08 21:15:36 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2011/07/08 21:15:00 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\pp1\Desktop\OTL.exe
[2011/07/08 20:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/07/08 20:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/07/08 20:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/07 22:16:29 | 000,000,000 | ---D | C] -- C:\Users\pp1\Desktop\New folder
[2011/06/29 13:38:16 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll
[2011/06/29 13:38:16 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll
[2011/06/29 13:38:16 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssph.dll
[2011/06/29 13:38:15 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll
[2011/06/29 13:38:15 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll
[2011/06/29 13:38:15 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscntrs.dll
[2011/06/26 02:27:36 | 000,000,000 | ---D | C] -- C:\Users\pp1\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/06/26 02:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/06/26 02:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/06/25 15:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011/06/24 20:18:50 | 000,000,000 | ---D | C] -- C:\Users\pp1\Desktop\sane photos
[2011/06/23 15:32:03 | 000,000,000 | ---D | C] -- C:\Users\pp1\Desktop\New Folder1
[2011/06/22 22:58:19 | 000,000,000 | ---D | C] -- C:\Users\pp1\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/22 22:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/22 22:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/22 22:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/16 14:05:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/06/16 14:05:23 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/06/16 14:05:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/06/16 14:05:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/06/14 23:28:47 | 000,000,000 | ---D | C] -- C:\Users\pp1\Documents\pp1
[2011/06/11 01:00:41 | 000,000,000 | ---D | C] -- C:\Users\pp1\AppData\Roaming\WinRAR
[2011/06/11 00:59:58 | 000,000,000 | ---D | C] -- C:\Users\pp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/11 00:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/11 00:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/06/10 07:21:16 | 000,000,000 | ---D | C] -- C:\Users\pp1\Documents\My Games
[2011/06/09 13:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/06/09 13:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/06/09 13:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/06/09 06:59:55 | 000,000,000 | ---D | C] -- C:\Users\pp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/06/09 06:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/06/09 06:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/08 22:50:12 | 002,322,184 | ---- | M] (ESET) -- C:\Users\pp1\Desktop\esetsmartinstaller_enu.exe
[2011/07/08 22:02:47 | 000,015,568 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 22:02:47 | 000,015,568 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 22:00:12 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/07/08 22:00:12 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/07/08 21:55:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/08 21:55:25 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 21:16:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\pp1\Desktop\OTL.exe
[2011/07/08 21:13:06 | 000,002,964 | ---- | M] () -- C:\windows\Sandboxie.ini
[2011/06/29 17:11:02 | 000,340,792 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/06/24 12:29:40 | 000,007,609 | ---- | M] () -- C:\Users\pp1\AppData\Local\Resmon.ResmonCfg
[2011/06/23 15:39:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/06/23 13:24:23 | 000,000,000 | ---- | M] () -- C:\Users\pp1\defogger_reenable
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/04 20:35:51 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/26 02:26:53 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/06/24 12:29:40 | 000,007,609 | ---- | C] () -- C:\Users\pp1\AppData\Local\Resmon.ResmonCfg
[2011/06/23 13:24:23 | 000,000,000 | ---- | C] () -- C:\Users\pp1\defogger_reenable
[2011/06/07 12:47:57 | 000,002,964 | ---- | C] () -- C:\windows\Sandboxie.ini
[2011/06/07 07:42:49 | 000,000,016 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2011/06/07 07:32:20 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/06/07 07:15:25 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011/06/07 07:15:25 | 000,000,176 | ---- | C] () -- C:\windows\System32\drivers\RTHDAEQ0.dat
[2011/03/22 01:52:06 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/09/04 06:27:33 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/09/04 06:27:33 | 000,000,000 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/08/27 20:27:38 | 000,982,220 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/08/27 20:27:38 | 000,439,300 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/08/27 20:27:38 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/08/27 20:27:38 | 000,092,216 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/07/14 10:27:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 10:03:53 | 000,340,792 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 07:35:48 | 000,624,178 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 07:35:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 07:35:48 | 000,106,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 07:35:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 07:35:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 07:34:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 05:25:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 05:21:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 05:12:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/11 02:56:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2011/06/26 02:27:36 | 000,000,000 | ---D | M] -- C:\Users\pp1\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/06/07 12:00:31 | 000,000,000 | ---D | M] -- C:\Users\pp1\AppData\Roaming\WildTangent
[2011/06/07 07:42:31 | 000,000,000 | ---D | M] -- C:\Users\pp1\AppData\Roaming\WinBatch
[2009/07/14 10:23:46 | 000,012,326 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#13 blank.black
  • Topic Starter
Posted 08 July 2011 - 01:11 PM

OTL Extras logfile created on: 7/8/2011 11:20:07 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\pp1\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 72.92% Memory free
5.74 Gb Paging File | 4.90 Gb Available in Paging File | 85.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.62 Gb Total Space | 239.72 Gb Free Space | 83.06% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: PC-TECH | User Name: pp1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Halo Trial" = Microsoft Halo Trial
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Sandboxie" = Sandboxie 3.56 (32-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/17/2011 6:36:17 AM | Computer Name = PC-tech | Source = Application Error | ID = 1000
Description = Faulting application name: halo.exe, version: 1.0.0.578, time stamp:
0x3f79fea2 Faulting module name: keystone.dll, version: 1.1.2.7, time stamp: 0x3f7ca313
Exception
code: 0xc0000005 Fault offset: 0x000f12f9 Faulting process id: 0x1488 Faulting application
start time: 0x01cc2cd9625e6fdf Faulting application path: C:\Program Files\Microsoft
Games\Halo Trial\halo.exe Faulting module path: C:\Program Files\Microsoft Games\Halo
Trial\keystone.dll Report Id: a1650a77-98cd-11e0-8cd3-001e33f27d18

Error - 6/22/2011 4:47:32 AM | Computer Name = PC-tech | Source = Application Error | ID = 1000
Description = Faulting application name: halo.exe, version: 1.0.0.578, time stamp:
0x3f79fea2 Faulting module name: halo.exe, version: 1.0.0.578, time stamp: 0x3f79fea2
Exception
code: 0xc0000005 Fault offset: 0x000bf3e3 Faulting process id: 0x948 Faulting application
start time: 0x01cc30a721752986 Faulting application path: C:\Program Files\Microsoft
Games\Halo Trial\halo.exe Faulting module path: C:\Program Files\Microsoft Games\Halo
Trial\halo.exe Report Id: 4410dd20-9cac-11e0-b22e-001e33f27d18

Error - 6/22/2011 7:02:20 AM | Computer Name = PC-tech | Source = Application Error | ID = 1000
Description = Faulting application name: halo.exe, version: 1.0.0.578, time stamp:
0x3f79fea2 Faulting module name: halo.exe, version: 1.0.0.578, time stamp: 0x3f79fea2
Exception
code: 0xc0000005 Fault offset: 0x000f0a29 Faulting process id: 0xc1c Faulting application
start time: 0x01cc30cb244f4280 Faulting application path: C:\Program Files\Microsoft
Games\Halo Trial\halo.exe Faulting module path: C:\Program Files\Microsoft Games\Halo
Trial\halo.exe Report Id: 1944be47-9cbf-11e0-b22e-001e33f27d18

Error - 6/22/2011 7:26:11 AM | Computer Name = PC-tech | Source = Application Error | ID = 1000
Description = Faulting application name: SUPERAntiSpyware.exe, version: 4.53.0.1000,
time stamp: 0x4dda7673 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x69206e61 Faulting process id:
0x5b4 Faulting application start time: 0x01cc30ce86e8cf19 Faulting application path:
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Faulting module path: unknown
Report
Id: 6decbef7-9cc2-11e0-b22e-001e33f27d18

Error - 6/22/2011 7:31:49 AM | Computer Name = PC-tech | Source = Application Error | ID = 1000
Description = Faulting application name: SUPERAntiSpyware.exe, version: 4.53.0.1000,
time stamp: 0x4dda7673 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x69206e61 Faulting process id:
0x13bc Faulting application start time: 0x01cc30cf547c09a4 Faulting application path:
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Faulting module path: unknown
Report
Id: 376177e9-9cc3-11e0-b22e-001e33f27d18

Error - 6/22/2011 3:21:01 PM | Computer Name = PC-tech | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0x80072EE7

Error - 6/22/2011 3:21:01 PM | Computer Name = PC-tech | Source = Software Protection Platform Service | ID = 8208
Description = Acquisition of genuine ticket failed (hr=0x80072EE7) for template
Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error - 6/24/2011 10:46:51 AM | Computer Name = PC-tech | Source = Application Hang | ID = 1002
Description = The program USBVaccine.exe version 1.0.1.4 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 384 Start
Time: 01cc323cf6a6d617 Termination Time: 6 Application Path: C:\Program Files\Panda
USB Vaccine\USBVaccine.exe Report Id: ca7db3b4-9e70-11e0-90e3-001e33f27d18

Error - 6/24/2011 10:50:11 AM | Computer Name = PC-tech | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96e Exception code: 0xc00000fd Fault offset: 0x00052ffb Faulting
process id: 0xd34 Faulting application start time: 0x01cc323cf4462ed4 Faulting application
path: C:\windows\Explorer.EXE Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 425ca78c-9e71-11e0-90e3-001e33f27d18

Error - 7/4/2011 10:55:21 AM | Computer Name = PC-tech | Source = Application Error | ID = 1000
Description = Faulting application name: SUPERAntiSpyware.exe, version: 4.54.0.1000,
time stamp: 0x4df24594 Faulting module name: SUPERAntiSpyware.exe, version: 4.54.0.1000,
time stamp: 0x4df24594 Exception code: 0xc0000005 Fault offset: 0x000d8bf5 Faulting
process id: 0xa58 Faulting application start time: 0x01cc3a599df7486d Faulting application
path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Faulting module path:
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Report Id: a38c17e4-a64d-11e0-8ae6-001e33f27d18

[ System Events ]
Error - 6/24/2011 12:36:54 PM | Computer Name = PC-tech | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.1
with the system having network hardware address 00-18-02-FA-1E-27. Network operations
on this system may be disrupted as a result.

Error - 6/25/2011 5:13:05 PM | Computer Name = PC-tech | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/25/2011 5:13:05 PM | Computer Name = PC-tech | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/29/2011 10:41:35 AM | Computer Name = PC-tech | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/29/2011 10:41:36 AM | Computer Name = PC-tech | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/29/2011 10:41:37 AM | Computer Name = PC-tech | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/30/2011 12:29:18 PM | Computer Name = PC-tech | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/1/2011 11:21:36 AM | Computer Name = PC-tech | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 7/1/2011 11:21:36 AM | Computer Name = PC-tech | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 7/1/2011 11:21:37 AM | Computer Name = PC-tech | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.


< End of report >

#14 m0le

m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 July 2011 - 06:43 PM

Nope, no malware there. Just a quick clean up to do.


Open OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top.

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Run ESET; this will dig out any sign of any past or present infection.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE
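One way to audit the same registry locations before and after a fix like the one above, as an added PowerShell example that is not part of m0le's instructions and is not OTL's own code (it assumes the Windows 7-era key layout shown in the log and only reads the registry):

```powershell
# Added example, not code from the thread or from OTL: a read-only audit of the
# registry items m0le's fix targets. It lists Browser Helper Object and
# ShellServiceObjectDelayLoad entries whose CLSID is not registered, HKLM Run
# entries with an empty name or empty data, and checks that the exefile open
# command still reads "%1" %*. Nothing is modified.

function Test-ClsidRegistered([string]$Clsid) {
    # HKCR merges HKLM and HKCU class registrations, so one lookup covers both.
    return (Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid")
}
function Get-SuspectAutostartEntries {
    $hklm = [Microsoft.Win32.Registry]::LocalMachine
    $findings = @()
    # O2: each BHO subkey name is a CLSID that must exist under HKCR\CLSID.
    $bho = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects')
    if ($bho) {
        foreach ($clsid in $bho.GetSubKeyNames()) {
            if (-not (Test-ClsidRegistered $clsid)) { $findings += "O2 BHO $clsid - No CLSID value found" }
        }
    }
    # O21: for SSODL the value data, not the value name, is the CLSID.
    $ssodl = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad')
    if ($ssodl) {
        foreach ($name in $ssodl.GetValueNames()) {
            $clsid = [string]$ssodl.GetValue($name)
            if (-not (Test-ClsidRegistered $clsid)) { $findings += "O21 SSODL $name - $clsid - CLSID not found" }
        }
    }
    # O4: a Run value with an empty name or empty data is what OTL showed as "[] File not found".
    $run = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
    if ($run) {
        foreach ($name in $run.GetValueNames()) {
            $data = [string]$run.GetValue($name)
            if ([string]::IsNullOrWhiteSpace($name) -or [string]::IsNullOrWhiteSpace($data)) {
                $findings += "O4 Run [$name] = [$data] - empty entry"
            }
        }
    }
    return $findings
}
function Test-ExeFileOpenCommand {
    # The .exe file association is a common hijack point; the expected data is "%1" %*.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('SOFTWARE\Classes\exefile\shell\open\command')
    if (-not $key) { return $false }
    $data = [string]$key.GetValue('', '', [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    return ($data -eq '"%1" %*')
}

Get-SuspectAutostartEntries | ForEach-Object { Write-Output $_ }
if (Test-ExeFileOpenCommand) { Write-Output 'exefile open command is intact' } else { Write-Output 'WARNING: exefile open command is not "%1" %*' }
```

Running this after the OTL fix should report nothing for the O2/O4/O21 items and print that the exefile command is intact, which is what the OTL log in the next reply confirms.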

#15 blank.black

blank.black
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Male

Posted 09 July 2011 - 02:58 AM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.26.1 log created on 07092011_111622



-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Also, the ESET online scanner was unable to detect any infections.



