
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) Help?!


  • This topic is locked
49 replies to this topic

#1 AnthonyLIA


  • Members
  • 31 posts

Posted 12 September 2011 - 09:05 PM

Hello. I was referred here from "Am I infected? What do I do?" by Boopme. Topic referenced is here: http://www.bleepingcomputer.com/forums/topic418674.html ~ OB

All of my search engine results are redirecting. When using Google for the first time after a reboot, it usually refreshes the initial search results and returns to a blank Google page. When the search query is resubmitted, all of the results redirect. MBAM identifies HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) and removes it, but the issue always returns after a reboot. I have also noticed that even though I delete my search history, when reopening Explorer after a reboot, there are always two sites other than the homepage already logged in the history for the current session. I attempted the 8 steps thingy. Combofix stalled and the machine locked up. Will not use again unless directed to do so. Issue was not resolved.


I followed the Prep guide, but DDS would freeze up and the entire machine would freeze (keystrokes, mouse, clock) about 75% of the way through the initial scan (judging by the hash marks). I was directed to use OTL. The two logs are provided below. I also ran gmer and have that log available as well if it is needed.

OTL

OTL logfile created on: 9/12/2011 9:41:15 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.05 Mb Total Physical Memory | 142.94 Mb Available Physical Memory | 28.47% Memory free
1.20 Gb Paging File | 0.61 Gb Available in Paging File | 51.07% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.34 Gb Total Space | 45.69 Gb Free Space | 61.46% Space Free | Partition Type: NTFS

Computer Name: MELODYLOVE | User Name: CLAUDIA GUTIERREZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/12 21:37:37 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\OTL.exe
PRC - [2011/09/10 15:15:14 | 000,084,480 | ---- | M] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\AdobeAUM\AdobeAUMUpdate\AdobeAUMupdt32.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/09/15 21:15:01 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/09 16:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/03/14 19:49:02 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/03/14 19:48:56 | 000,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/02/12 17:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/21 17:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/09/02 16:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/12/27 21:34:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2005/12/13 20:28:56 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\TouchPad\TPTray.exe
PRC - [2005/12/05 18:50:22 | 000,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\TCtrlIOHook.exe
PRC - [2005/12/05 15:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/01 15:13:42 | 000,671,744 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\E-KEY\CeEKey.exe
PRC - [2005/11/30 16:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/11/28 14:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 14:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/10/06 08:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/16 15:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005/07/15 14:52:42 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
PRC - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2005/06/07 02:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/06/06 13:58:44 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
PRC - [2005/05/31 21:16:24 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 20:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/08/28 04:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/11/25 12:36:12 | 001,232,946 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2003/11/25 12:35:44 | 000,798,772 | ---- | M] (AHEAD Software) -- C:\Program Files\Ahead\InCD\incdsrv.exe


========== Modules (No Company Name) ==========

MOD - [2005/12/09 18:35:40 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\EBLib.DLL
MOD - [2005/11/28 14:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 14:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 14:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/11/23 15:42:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/11/03 14:37:58 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/09/15 18:04:06 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\EKECioCtl.dll
MOD - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
MOD - [2005/06/06 13:51:24 | 000,024,576 | ---- | M] () -- C:\Program Files\Toshiba\TouchPad\TPECioctl.dll
MOD - [2004/08/04 08:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2002/03/03 08:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/21 14:59:06 | 002,151,640 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2011/06/26 02:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/03/14 19:48:56 | 000,116,416 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 17:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/09/02 16:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 04:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/11/25 12:35:44 | 000,798,772 | ---- | M] (AHEAD Software) [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110910.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/18 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/18 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110910.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2007/08/28 21:33:59 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/02/12 17:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/02/12 17:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/09 20:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/05 05:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 14:55:24 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/11/30 15:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/30 14:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 15:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/15 13:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/06 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 08:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 15:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 15:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/02 07:33:00 | 000,102,384 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/11/15 20:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/11/25 12:37:44 | 000,028,624 | ---- | M] (Ahead Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2003/11/25 12:37:32 | 000,088,848 | ---- | M] (Ahead Software) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/11 12:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F9 AC 23 03 B1 05 E1 40 8E 3E FE D4 F1 DB 48 AB [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F9 AC 23 03 B1 05 E1 40 8E 3E FE D4 F1 DB 48 AB [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F9 AC 23 03 B1 05 E1 40 8E 3E FE D4 F1 DB 48 AB [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F9 AC 23 03 B1 05 E1 40 8E 3E FE D4 F1 DB 48 AB [binary data]

IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F9 AC 23 03 B1 05 E1 40 8E 3E FE D4 F1 DB 48 AB [binary data]
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.1.1.5:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://gmail.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/04 16:58:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/11 21:15:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 22:12:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/04 16:58:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Move Networks [2009/11/08 12:11:53 | 000,000,000 | ---D | M]

[2011/07/25 14:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Extensions
[2011/09/12 17:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions
[2011/09/12 11:45:23 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{08127627-a38a-4175-9254-8849d19633ee}
[2011/09/12 14:04:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{25e636ce-3c10-478b-bb75-67c74fcf727a}
[2011/09/12 13:05:39 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{8a8418fa-bb01-4697-bf5c-e3cdda98881f}
[2011/09/10 22:48:04 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{d7b8f8fd-9b71-4fdd-b617-040f31fcdf77}
[2011/09/12 21:36:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{e092d555-9a24-4e9d-b74f-8681d47799cd}
[2011/09/11 21:14:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{ee22ba3b-b52b-484b-91b5-f0c9dc1abd84}
[2011/09/12 10:55:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{fcf4af82-88bd-42d6-8f55-c29cbf27f736}
[2011/08/22 17:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CLAUDIA GUTIERREZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GMDDBMBI.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CLAUDIA GUTIERREZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GMDDBMBI.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
[2010/08/31 12:18:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/10 20:18:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/17 18:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/17 18:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/08/11 23:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {0323ACF9-05B1-40E1-8E3E-FED4F1DB48Ab} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3: - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPNF] C:\Program Files\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [AdobeAUMUpdate] C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\AdobeAUM\AdobeAUMUpdate\AdobeAUMupdt32.exe (The Imaging Source Europe GmbH)
O4 - HKU\S-1-5-18..\Run: [AdobeAUMUpdate] C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\AdobeAUM\AdobeAUMUpdate\AdobeAUMupdt32.exe (The Imaging Source Europe GmbH)
O4 - HKU\S-1-5-21-3130513832-2621490306-409380560-1006..\Run: [AdobeAUMUpdate] C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\AdobeAUM\AdobeAUMUpdate\AdobeAUMupdt32.exe (The Imaging Source Europe GmbH)
O4 - HKU\S-1-5-21-3130513832-2621490306-409380560-1006..\Run: [DisplayTrayOnline] C:\Documents and Settings\All Users\Application Data\DisplayTrayOnline.dll (The Imaging Source Europe GmbH)
O4 - Startup: C:\Documents and Settings\CLAUDIA GUTIERREZ\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://justicecenter.webex.com/client/T27LB/event/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB7C01E2-1820-4FFF-B863-FB0E51B3C5F2}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\CLAUDIA GUTIERREZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\CLAUDIA GUTIERREZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/12 21:37:34 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\OTL.exe
[2011/09/12 19:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\gmer
[2011/09/12 16:16:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\dds.scr
[2011/09/12 13:13:52 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/12 11:44:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Recent
[2011/09/11 21:17:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Start Menu\Programs\Administrative Tools
[2011/09/11 16:37:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/11 16:33:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/11 16:33:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/11 16:33:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/11 16:33:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/11 16:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/11 16:32:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/11 16:30:16 | 004,203,777 | R--- | C] (Swearware) -- C:\ComboFix.exe
[2011/09/11 16:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\tdsskiller
[2011/09/10 15:15:26 | 000,279,552 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/10 15:15:18 | 000,111,104 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\DisplayTrayOnline.dll
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/15 15:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\templates
[7 C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\*.tmp files -> C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\*.tmp files -> C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\CLAUDIA GUTIERREZ\*.tmp files -> C:\Documents and Settings\CLAUDIA GUTIERREZ\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/12 21:37:57 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\7793d9c5
[2011/09/12 21:37:37 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\OTL.exe
[2011/09/12 21:36:30 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\974e263a
[2011/09/12 20:25:48 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\ffebd6c5
[2011/09/12 19:32:32 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\gmer.zip
[2011/09/12 17:20:59 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/09/12 17:19:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/12 17:12:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/12 17:11:44 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/12 16:16:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\dds.scr
[2011/09/12 16:15:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\defogger_reenable
[2011/09/12 16:15:04 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\Defogger.exe
[2011/09/12 14:07:19 | 000,003,703 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\80ebae3f
[2011/09/12 10:57:46 | 004,203,777 | R--- | M] (Swearware) -- C:\ComboFix.exe
[2011/09/11 16:37:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/11 16:23:00 | 001,386,346 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\tdsskiller.zip
[2011/09/11 09:02:09 | 000,000,012 | ---- | M] () -- C:\WINDOWS\dirsaver.ini
[2011/09/10 23:00:13 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\rkill.com
[2011/09/10 20:16:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/10 15:15:26 | 000,279,552 | ---- | M] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/10 15:15:15 | 000,111,104 | ---- | M] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\DisplayTrayOnline.dll
[2011/09/09 15:58:36 | 000,001,768 | -H-- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\Default.rdp
[2011/09/03 06:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/26 00:02:11 | 000,201,862 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\estroven_coupon.pdf
[2011/08/22 19:46:19 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\useragentswitcher.xml
[2011/08/22 17:55:20 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/22 17:55:20 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[7 C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\*.tmp files -> C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\*.tmp files -> C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\CLAUDIA GUTIERREZ\*.tmp files -> C:\Documents and Settings\CLAUDIA GUTIERREZ\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/12 19:32:28 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\gmer.zip
[2011/09/12 16:15:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\defogger_reenable
[2011/09/12 16:14:56 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\Defogger.exe
[2011/09/11 21:19:38 | 526,503,936 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/11 16:37:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/11 16:37:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/11 16:33:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/11 16:33:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/11 16:33:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/11 16:33:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/11 16:33:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/11 16:22:58 | 001,386,346 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\tdsskiller.zip
[2011/09/10 23:00:13 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\rkill.com
[2011/09/10 20:16:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/10 17:03:41 | 000,003,703 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\80ebae3f
[2011/09/10 16:15:33 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\ffebd6c5
[2011/09/10 15:16:02 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\974e263a
[2011/09/10 15:15:33 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\7793d9c5
[2011/08/26 00:02:11 | 000,201,862 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\estroven_coupon.pdf
[2011/08/22 19:45:45 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\useragentswitcher.xml
[2011/08/22 17:55:19 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2010/05/21 21:25:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2010/02/01 15:27:42 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2010/02/01 15:18:48 | 000,176,353 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2010/02/01 15:18:48 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2010/01/14 12:33:02 | 000,000,074 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/10/04 16:34:49 | 000,165,429 | ---- | C] () -- C:\WINDOWS\hpoins30.dat
[2008/10/04 16:34:49 | 000,000,844 | ---- | C] () -- C:\WINDOWS\hpomdl30.dat
[2008/03/06 11:23:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/07/28 02:00:41 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/19 12:23:06 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Local Settings\Application Data\fusioncache.dat
[2006/09/27 20:58:16 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2006/09/27 20:58:14 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/09/27 20:58:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2006/08/22 17:29:35 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/05 13:16:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2006/08/05 12:57:38 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/05 12:41:18 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/07/13 12:25:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/13 12:20:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/13 12:20:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/13 12:20:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/13 12:20:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/13 12:20:43 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/13 12:20:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/03 03:07:52 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2006/01/03 03:07:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2005/12/29 16:21:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/29 15:49:29 | 000,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/29 15:46:57 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/12/29 15:09:53 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/12/29 15:09:53 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/12/29 15:01:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/12/29 15:01:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/12/29 14:54:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/12/29 14:54:22 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/12/29 14:44:09 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/12/29 14:44:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/12/29 14:44:09 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/12/29 14:44:09 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/12/29 14:35:33 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2005/12/29 14:35:33 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2005/12/29 14:35:19 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/12/29 14:35:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/12/29 13:28:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/29 13:25:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/29 13:20:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/29 13:18:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/12/29 05:15:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/29 05:14:16 | 000,159,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/29 02:32:20 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/29 02:28:50 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/12/29 02:28:45 | 000,385,164 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/29 02:28:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/12/29 02:28:45 | 000,054,682 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/29 02:28:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/12/29 02:28:43 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/12/29 02:28:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/12/29 02:28:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/29 02:28:31 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/12/29 02:28:31 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/12/29 02:28:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/12/29 02:28:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/12/09 18:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/29 00:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/23 17:55:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/11/23 17:41:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/11/23 15:42:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/09/15 18:04:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2004/01/13 21:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

Edited by Orange Blossom, 13 September 2011 - 12:09 AM.
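Added example (the editor's, not code from the poster or from OTL's author): a short Python triage pass over lines in the exact format the OTL log above uses. It parses the bracketed file records and the O4/O35/O37 registry lines and applies four checks a responder otherwise does by eye: files created within a short window of each other, tiny hex-named files under a user's Application Data folder, exefile/comfile shell-spawn commands that differ from the Windows default `"%1" %*`, and Run-key entries whose target lives in a user-writable location. The sample input is copied from the log, except for the final O35 line, which is constructed so the shell-spawn check has something to flag; the 60-second burst window and the 16-byte size threshold are assumptions chosen for the demo, not OTL settings. On the log's own lines it surfaces the 2011/09/10 15:15 cluster (two DLLs carrying a camera vendor's company name in System32 and All Users\Application Data, two 4-byte files with random hex names, and a Run key launching one of the DLLs); that is a lead to verify by signature check and hash lookup, not a verdict.

```python
"""Triage heuristics for OTL (OldTimer's OTL.exe) log lines.

Added example, not part of the forum post. It parses the file lines and the
O4/O35/O37 registry lines in the format OTL emits and applies four checks a
responder would otherwise do by eye.
"""
import re
from datetime import datetime, timedelta

# Sample input: lines copied from the OTL log above, plus one constructed O35
# line (the last one, not from the log) so the shell-spawn check has a hit.
SAMPLE_LOG = r"""
[2011/09/12 21:37:34 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\OTL.exe
[2011/09/10 15:15:26 | 000,279,552 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/10 15:15:18 | 000,111,104 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\DisplayTrayOnline.dll
[2011/09/10 15:16:02 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\974e263a
[2011/09/10 15:15:33 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\7793d9c5
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
O4 - HKU\S-1-5-21-3130513832-2621490306-409380560-1006..\Run: [DisplayTrayOnline] C:\Documents and Settings\All Users\Application Data\DisplayTrayOnline.dll (The Imaging Source Europe GmbH)
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O35 - HKLM\..comfile [open] -- "C:\constructed\hijack.exe" "%1" %*
"""

# Line shapes as they appear in OTL output (assumed from the log, not from an OTL spec).
FILE_RE = re.compile(
    r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attr>\S{4}) \| (?P<op>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$')
SPAWN_RE = re.compile(r'^O3[57] - (?P<key>.+?) -- (?P<cmd>.+)$')
AUTORUN_RE = re.compile(
    r'^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<target>.+?)(?: \((?P<company>[^)]*)\))?$')

DEFAULT_SPAWN = '"%1" %*'          # Windows default for exefile/comfile [open]
HEX_NAME = re.compile(r'^[0-9a-f]{8}$')
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def parse(log_text):
    """Split OTL lines into file records, shell-spawn entries and Run-key entries."""
    files, spawns, autoruns = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
            d["size"] = int(d["size"].replace(",", ""))   # "000,581,632" -> 581632
            d["name"] = d["path"].rsplit("\\", 1)[-1]
            files.append(d)
            continue
        m = SPAWN_RE.match(line)
        if m:
            spawns.append(m.groupdict())
            continue
        m = AUTORUN_RE.match(line)
        if m:
            autoruns.append(m.groupdict())
    return files, spawns, autoruns


def creation_bursts(files, gap=timedelta(seconds=60)):
    """Group created ('C') records whose timestamps are within `gap` of the previous one."""
    created = sorted((f for f in files if f["op"] == "C"), key=lambda f: f["ts"])
    bursts, current = [], []
    for rec in created:
        if current and rec["ts"] - current[-1]["ts"] > gap:
            if len(current) > 1:
                bursts.append(current)
            current = []
        current.append(rec)
    if len(current) > 1:
        bursts.append(current)
    return bursts


def tiny_hex_named(files, max_size=16):
    """Files of at most max_size bytes with an 8-hex-char name under Application Data."""
    return [f for f in files
            if HEX_NAME.match(f["name"]) and f["size"] <= max_size
            and "\\application data\\" in f["path"].lower()]


def non_default_spawns(spawns):
    """O35/O37 entries whose command is anything other than the stock "%1" %*."""
    return [s for s in spawns if s["cmd"] != DEFAULT_SPAWN]


def user_writable_autoruns(autoruns):
    """O4 Run-key entries whose target sits in a location a standard user can write to."""
    return [a for a in autoruns
            if any(k in a["target"].lower() for k in USER_WRITABLE)]


def triage(log_text):
    """Run all four checks and return just the names needed to follow up by hand."""
    files, spawns, autoruns = parse(log_text)
    return {
        "bursts": [[f["name"] for f in b] for b in creation_bursts(files)],
        "tiny_hex": [f["name"] for f in tiny_hex_named(files)],
        "bad_spawns": [s["key"] for s in non_default_spawns(spawns)],
        "appdata_autoruns": [a["name"] for a in user_writable_autoruns(autoruns)],
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}: {hits}")
```

The checks are deliberately dumb string and time comparisons so they can be reviewed line by line; the value is in correlating the three sections of the log (file timestamps, the Run key, the shell-spawn keys) rather than reading each on its own. Feeding the full OTL.txt through `triage()` works the same way, since every line that does not match one of the three patterns is simply skipped.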



#2 AnthonyLIA

AnthonyLIA
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:08:46 PM

Posted 12 September 2011 - 09:07 PM

Here is the second log file produced by OTL. (Extras.txt)

OTL Extras logfile created on: 9/12/2011 9:41:15 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.05 Mb Total Physical Memory | 142.94 Mb Available Physical Memory | 28.47% Memory free
1.20 Gb Paging File | 0.61 Gb Available in Paging File | 51.07% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.34 Gb Total Space | 45.69 Gb Free Space | 61.46% Space Free | Partition Type: NTFS

Computer Name: MELODYLOVE | User Name: CLAUDIA GUTIERREZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\HPZnui01.exe" = D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1135887705\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1135887705\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe" = C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service
"D:\setup\HPZnui01.exe" = D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\real\realplayer\realplay.exe" = C:\Program Files\real\realplayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{22988B2A-374A-4A7B-B795-A1AFF2046BE9}" = PhotoGallery
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{43C0C354-A185-4D2D-A057-67C9160460E1}" = PS_AIO_04_C4580_Software_Min
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{7641710F-A4AD-4EAE-889C-4958BE3F169C}" = C4580
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A6A195F5-BCAB-4F38-8459-DF693303CD8D}" = PS_AIO_04_C4580_ProductContext
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB15DB2C-3FD9-4A6E-B99C-C346F116BB9D}" = Print Perfect Fonts Deluxe
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{BED1705F-7558-40f7-9F52-6C6FBD58EA2E}" = HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{D23E2520-0EAA-4AC3-A47E-A551C70D4FED}" = C4580_Help
"{D4278897-1541-493E-9D39-59CC6AB0FC09}" = PS_AIO_04_C4580_Software
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.5 SP2
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner (remove only)
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Fn-esse" = TOSHIBA Fn-esse
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photo & Imaging" = HP Image Zone 3.5
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"sat_screensaver_30mb.scr" = sat_screensaver_30mb
"ScrewDrivers Client v4" = ScrewDrivers Client v4
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.8.0.723
"Move Media Player" = Move Media Player
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/11/2011 7:19:49 PM | Computer Name = MELODYLOVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\WINDOWS\system32\taskmgr.exe
(PID 1516) Time: Sunday, September 11, 2011 7:19:49 PM

Error - 9/11/2011 7:20:25 PM | Computer Name = MELODYLOVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: C:\WINDOWS\system32\taskmgr.exe (PID 1516) Time: Sunday, September 11,
2011 7:20:25 PM

Error - 9/11/2011 7:20:45 PM | Computer Name = MELODYLOVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\SavRoam.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: C:\WINDOWS\system32\taskmgr.exe (PID 1516) Time: Sunday, September 11,
2011 7:20:45 PM

Error - 9/11/2011 7:20:52 PM | Computer Name = MELODYLOVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: C:\WINDOWS\system32\taskmgr.exe (PID 1516) Time: Sunday, September 11,
2011 7:20:52 PM

Error - 9/11/2011 7:20:59 PM | Computer Name = MELODYLOVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: C:\WINDOWS\system32\taskmgr.exe (PID 1516) Time: Sunday, September 11,
2011 7:20:59 PM

Error - 9/11/2011 7:21:34 PM | Computer Name = MELODYLOVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\WINDOWS\system32\taskmgr.exe (PID 1516) Time: Sunday, September 11, 2011 7:21:34
PM

Error - 9/11/2011 7:23:08 PM | Computer Name = MELODYLOVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: C:\WINDOWS\system32\taskmgr.exe (PID 1516) Time: Sunday, September 11,
2011 7:23:08 PM

Error - 9/11/2011 7:23:17 PM | Computer Name = MELODYLOVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: C:\WINDOWS\system32\taskmgr.exe (PID 1516) Time: Sunday, September 11,
2011 7:23:17 PM

Error - 9/11/2011 7:23:52 PM | Computer Name = MELODYLOVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\pev.3XE (PID 2564) Time: Sunday, September 11, 2011 7:23:52
PM

Error - 9/11/2011 7:23:53 PM | Computer Name = MELODYLOVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\License\iexplore.exe (PID 620) Time: Sunday, September 11, 2011
7:23:53 PM

[ System Events ]
Error - 9/12/2011 1:14:57 PM | Computer Name = MELODYLOVE | Source = Service Control Manager | ID = 7034
Description = The Swupdtmr service terminated unexpectedly. It has done this 1
time(s).

Error - 9/12/2011 1:58:24 PM | Computer Name = MELODYLOVE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 9/12/2011 1:58:24 PM | Computer Name = MELODYLOVE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 9/12/2011 2:59:23 PM | Computer Name = MELODYLOVE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gusvc with
arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 9/12/2011 4:34:09 PM | Computer Name = MELODYLOVE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 9/12/2011 4:34:09 PM | Computer Name = MELODYLOVE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 9/12/2011 5:14:07 PM | Computer Name = MELODYLOVE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 9/12/2011 5:14:07 PM | Computer Name = MELODYLOVE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 9/12/2011 7:36:46 PM | Computer Name = MELODYLOVE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 9/12/2011 7:41:56 PM | Computer Name = MELODYLOVE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >
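
The tamper-protection entries in the Application Events above are the most useful part of this log for the helpers: every one is Symantec blocking another process from terminating a Symantec component, first from taskmgr.exe (the user killing AV processes by hand) and then from pev.3XE and iexplore.exe inside C:\32788R22FWJFW (a ComboFix staging folder, which is why ComboFix stalls). The script below is an added example, not part of the original post and not OTL or Symantec code: it re-joins the lines OTL wraps, pulls target, actor process and PID out of each SYMANTEC TAMPER PROTECTION ALERT record, and groups the records by actor so that the process trying to kill the antivirus is visible at a glance. The sample records are copied in the shape OTL printed above, and the actor labels (Task Manager versus a ComboFix component, the latter inferred from the pev.3XE name and the randomly named folder under C:\) are an assumption drawn only from paths seen in this thread, not a vendor rule.

```python
"""Triage helper for the Symantec Tamper Protection entries that OTL prints
under "Last 10 Event Log Errors".

Added example (not part of the original post, and not OTL or Symantec code).
The actor labels are an assumption drawn only from paths seen in this thread.
"""
import re

# Constructed sample: records in the shape OTL printed above (OTL wraps long
# lines at spaces and separates records with a blank line).  The fourth
# record is a non-Symantec entry to show that it is skipped.
SAMPLE_OTL_EVENTS = r"""
Error - 9/11/2011 7:19:49 PM | Computer Name = MELODYLOVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
Event
Info: Terminate Process Action Taken: Blocked Actor Process: C:\WINDOWS\system32\taskmgr.exe
(PID 1516) Time: Sunday, September 11, 2011 7:19:49 PM

Error - 9/11/2011 7:20:59 PM | Computer Name = MELODYLOVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: C:\WINDOWS\system32\taskmgr.exe (PID 1516) Time: Sunday, September 11,
2011 7:20:59 PM

Error - 9/11/2011 7:23:52 PM | Computer Name = MELODYLOVE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\32788R22FWJFW\pev.3XE (PID 2564) Time: Sunday, September 11, 2011 7:23:52
PM

Error - 9/12/2011 1:14:57 PM | Computer Name = MELODYLOVE | Source = Service Control Manager | ID = 7034
Description = The Swupdtmr service terminated unexpectedly. It has done this 1
time(s).
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>\S+) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
TAMPER_RE = re.compile(
    r"TAMPER PROTECTION ALERT Target: (?P<target>.+?) Event Info: (?P<info>.+?) "
    r"Action Taken: (?P<action>\w+) Actor Process: (?P<actor>.+?) \(PID (?P<pid>\d+)\)"
)
# Assumption: ComboFix stages itself in a randomly named folder directly
# under C:\ and ships pev.3XE (compare the PEVSystemStart service later in
# the thread).  This is a heuristic for triage, not a vendor rule.
COMBOFIX_DIR_RE = re.compile(r"^C:\\[A-Z0-9]{8,}\\", re.IGNORECASE)


def parse_records(text):
    """Return one dict per OTL event record: the header fields plus the
    wrapped body lines re-joined into a single line."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in chunk.strip().splitlines()]
        m = HEADER_RE.match(lines[0])
        if not m:
            continue
        rec = m.groupdict()
        rec["body"] = " ".join(lines[1:])
        records.append(rec)
    return records


def classify_actor(actor_path):
    """Heuristic label for the process that tried to terminate the AV."""
    low = actor_path.lower()
    if low == "c:\\windows\\system32\\taskmgr.exe":
        return "user action (Task Manager)"
    if low.endswith("\\pev.3xe") or COMBOFIX_DIR_RE.match(actor_path):
        return "ComboFix component (assumed from path)"
    return "unknown - investigate"


def tamper_summary(text):
    """Group tamper-protection events by actor process."""
    summary = {}
    for rec in parse_records(text):
        if rec["source"] != "Symantec AntiVirus":
            continue
        m = TAMPER_RE.search(rec["body"])
        if not m:
            continue
        entry = summary.setdefault(m["actor"], {
            "label": classify_actor(m["actor"]),
            "pids": set(),
            "targets": [],
            "blocked": 0,
        })
        entry["pids"].add(int(m["pid"]))
        entry["targets"].append(m["target"].rsplit("\\", 1)[-1])
        if m["action"] == "Blocked":
            entry["blocked"] += 1
    return summary


if __name__ == "__main__":
    for actor, info in tamper_summary(SAMPLE_OTL_EVENTS).items():
        print(f"{actor} [{info['label']}] PIDs={sorted(info['pids'])} "
              f"blocked={info['blocked']} targets={info['targets']}")
```

Run against the full "Last 10 Event Log Errors" block, this separates the eight taskmgr.exe events (PID 1516, a user killing AV processes by hand) from the two events whose actor lives under C:\32788R22FWJFW, which is the part a helper wants to see before deciding whether the AV is fighting malware or fighting the cleanup tool.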

#3 HelpBot

Posted 19 September 2011 - 09:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418741 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 AnthonyLIA

Posted 20 September 2011 - 08:16 AM

I have not used the infected machine since the last logs were posted (see above). DDS stalls and freezes the machine. I am having difficulty trying to manage the A/V. I cannot tell if it is scanning in the background and causing issues with DDS. MBAM, OTL and Norton are all able to complete scans. All information above is still current.

Thanks,
Anthony

#5 Elise

Posted 21 September 2011 - 03:52 AM

Hello and :welcome: to BleepingComputer. My name is Elise and I'll be assisting you with this problem.

I see you ran combofix but it did not complete most likely (looks like it was blocked by symantec).

Please download a new copy and save it to your desktop. Then reboot in safe mode and run it from there. Post me the resulting log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 AnthonyLIA

Posted 21 September 2011 - 01:01 PM

Hello.

Thanks for coming to my rescue. I did as you instructed. When I went to run combofix from Safe Mode, it still warned me about a real-time scanner from Symantec Antivirus Corporate Edition.

I have turned off every thing I could identify that is related to Symantec. But obviously I am still missing something.

What should I do?

Thanks.

#7 Elise

Posted 21 September 2011 - 01:21 PM

Just ignore it and continue; in safe mode the scanner will not be completely enabled anyway.

regards, Elise

#8 AnthonyLIA

Posted 21 September 2011 - 01:56 PM

Attempted to run it. Let it run for 30+ minutes. Machine froze. Last text it posted was the comment that the scan should only take about 10 minutes, but might take longer depending on severity of infection.

#9 Elise

Posted 22 September 2011 - 01:35 AM

Manually reboot your computer in safe mode, click Start > Run, type combofix /killall and press enter. Run it like that.

regards, Elise

#10 AnthonyLIA

Posted 22 September 2011 - 01:54 PM

Followed instructions. Same results. Same warnings. System froze (clock stopped, unresponsive) about 14 minutes into the scan (I let it sit for an additional 15 minutes after the clock stopped). No hash marks displayed. :(

Thanks for taking the time to work with me. What is next?

#11 Elise

Posted 22 September 2011 - 03:19 PM

Hi again,

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise

#12 AnthonyLIA

Posted 22 September 2011 - 04:20 PM

OTL logfile created on: 9/22/2011 5:00:13 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.05 Mb Total Physical Memory | 217.30 Mb Available Physical Memory | 43.28% Memory free
1.20 Gb Paging File | 0.67 Gb Available in Paging File | 55.54% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.34 Gb Total Space | 45.65 Gb Free Space | 61.40% Space Free | Partition Type: NTFS

Computer Name: MELODYLOVE | User Name: CLAUDIA GUTIERREZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/22 16:59:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\OTL.exe
PRC - [2011/09/10 20:18:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/03/14 19:49:02 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/03/14 19:48:56 | 000,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/02/12 17:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/21 17:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/12/27 21:34:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2005/12/13 20:28:56 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\TouchPad\TPTray.exe
PRC - [2005/12/05 15:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/01 15:13:42 | 000,671,744 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\E-KEY\CeEKey.exe
PRC - [2005/11/30 16:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/11/28 14:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 14:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/10/06 08:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/16 15:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2005/06/07 02:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/05/31 21:16:24 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/10 20:18:49 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/25 14:43:17 | 006,271,648 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2005/12/09 18:35:40 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\EBLib.DLL
MOD - [2005/11/28 14:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 14:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 14:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/11/23 15:42:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/11/03 14:37:58 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/09/15 18:04:06 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\EKECioCtl.dll
MOD - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
MOD - [2005/06/06 13:51:24 | 000,024,576 | ---- | M] () -- C:\Program Files\Toshiba\TouchPad\TPECioctl.dll
MOD - [2002/03/03 08:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/21 14:59:06 | 002,151,640 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2011/06/26 02:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/03/14 19:48:56 | 000,116,416 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 17:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/09/02 16:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/07/12 21:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 20:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 04:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110910.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/18 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/18 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110910.002\NAVENG.SYS -- (NAVENG)
DRV - [2007/08/28 21:33:59 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/02/12 17:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/02/12 17:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/09 20:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/05 05:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 14:55:24 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/11/30 15:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/30 14:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 15:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/15 13:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/06 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 08:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 15:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 15:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/02 07:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/11/15 20:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/11 12:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F9 AC 23 03 B1 05 E1 40 8E 3E FE D4 F1 DB 48 AB [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F9 AC 23 03 B1 05 E1 40 8E 3E FE D4 F1 DB 48 AB [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F9 AC 23 03 B1 05 E1 40 8E 3E FE D4 F1 DB 48 AB [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F9 AC 23 03 B1 05 E1 40 8E 3E FE D4 F1 DB 48 AB [binary data]

IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F9 AC 23 03 B1 05 E1 40 8E 3E FE D4 F1 DB 48 AB [binary data]
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.1.1.5:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://gmail.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/04 16:58:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/11 21:15:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 22:12:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/04 16:58:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Move Networks [2009/11/08 12:11:53 | 000,000,000 | ---D | M]

[2011/07/25 14:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Extensions
[2011/09/22 13:44:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions
[2011/09/12 11:45:23 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{08127627-a38a-4175-9254-8849d19633ee}
[2011/09/12 14:04:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{25e636ce-3c10-478b-bb75-67c74fcf727a}
[2011/09/22 13:44:25 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{38b2a520-4bc8-47dc-87a1-d920bacd6a14}
[2011/09/12 13:05:39 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{8a8418fa-bb01-4697-bf5c-e3cdda98881f}
[2011/09/10 22:48:04 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{d7b8f8fd-9b71-4fdd-b617-040f31fcdf77}
[2011/09/21 16:05:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{e092d555-9a24-4e9d-b74f-8681d47799cd}
[2011/09/11 21:14:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{ee22ba3b-b52b-484b-91b5-f0c9dc1abd84}
[2011/09/12 10:55:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{fcf4af82-88bd-42d6-8f55-c29cbf27f736}
[2011/08/22 17:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CLAUDIA GUTIERREZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GMDDBMBI.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CLAUDIA GUTIERREZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GMDDBMBI.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
[2010/08/31 12:18:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/10 20:18:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/17 18:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/17 18:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/08/11 23:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPNF] C:\Program Files\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [AdobeAUMUpdate] C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\AdobeAUM\AdobeAUMUpdate\AdobeAUMupdt32.exe (The Imaging Source Europe GmbH)
O4 - HKU\S-1-5-18..\Run: [AdobeAUMUpdate] C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\AdobeAUM\AdobeAUMUpdate\AdobeAUMupdt32.exe (The Imaging Source Europe GmbH)
O4 - HKU\S-1-5-21-3130513832-2621490306-409380560-1006..\Run: [AdobeAUMUpdate] C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\AdobeAUM\AdobeAUMUpdate\AdobeAUMupdt32.exe (The Imaging Source Europe GmbH)
O4 - HKU\S-1-5-21-3130513832-2621490306-409380560-1006..\Run: [DisplayTrayOnline] C:\Documents and Settings\All Users\Application Data\DisplayTrayOnline.dll (The Imaging Source Europe GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3130513832-2621490306-409380560-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://justicecenter.webex.com/client/T27LB/event/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB7C01E2-1820-4FFF-B863-FB0E51B3C5F2}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\CLAUDIA GUTIERREZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\CLAUDIA GUTIERREZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/22 16:59:05 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\OTL.exe
[2011/09/22 14:10:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/22 14:04:26 | 004,224,662 | R--- | C] (Swearware) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\ComboFix.exe
[2011/09/12 19:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\gmer
[2011/09/12 16:16:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\dds.scr
[2011/09/12 11:44:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Recent
[2011/09/11 21:17:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Start Menu\Programs\Administrative Tools
[2011/09/11 16:37:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/11 16:33:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/11 16:33:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/11 16:33:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/11 16:33:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/11 16:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/11 16:32:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/11 16:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\tdsskiller
[2011/09/10 15:15:18 | 000,111,104 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\DisplayTrayOnline.dll
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[7 C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\*.tmp files -> C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\*.tmp files -> C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\CLAUDIA GUTIERREZ\*.tmp files -> C:\Documents and Settings\CLAUDIA GUTIERREZ\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/22 16:59:40 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\7793d9c5
[2011/09/22 16:59:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\OTL.exe
[2011/09/22 16:53:46 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\974e263a
[2011/09/22 16:32:04 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/09/22 16:28:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/22 16:28:40 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/22 14:04:32 | 004,224,662 | R--- | M] (Swearware) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\ComboFix.exe
[2011/09/22 13:48:44 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 13:36:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/21 15:05:38 | 000,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/09/21 12:59:15 | 000,006,234 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\80ebae3f
[2011/09/21 12:43:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/15 14:06:02 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\ffebd6c5
[2011/09/15 11:07:42 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/09/12 19:32:32 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\gmer.zip
[2011/09/12 16:16:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\dds.scr
[2011/09/12 16:15:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\defogger_reenable
[2011/09/12 16:15:04 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\Defogger.exe
[2011/09/11 16:37:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/11 16:23:00 | 001,386,346 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\tdsskiller.zip
[2011/09/11 09:02:09 | 000,000,012 | ---- | M] () -- C:\WINDOWS\dirsaver.ini
[2011/09/10 23:00:13 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\rkill.com
[2011/09/10 20:16:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/10 15:15:15 | 000,111,104 | ---- | M] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\DisplayTrayOnline.dll
[2011/09/09 15:58:36 | 000,001,768 | -H-- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\Default.rdp
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/26 00:02:11 | 000,201,862 | ---- | M] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\estroven_coupon.pdf
[7 C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\*.tmp files -> C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[19 C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\*.tmp files -> C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\CLAUDIA GUTIERREZ\*.tmp files -> C:\Documents and Settings\CLAUDIA GUTIERREZ\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/22 14:44:55 | 526,503,936 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/15 11:13:30 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/09/15 11:07:42 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/09/15 11:07:42 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/09/12 19:32:28 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\gmer.zip
[2011/09/12 16:15:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\defogger_reenable
[2011/09/12 16:14:56 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\Defogger.exe
[2011/09/11 16:37:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/11 16:37:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/11 16:33:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/11 16:33:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/11 16:33:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/11 16:33:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/11 16:33:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/11 16:22:58 | 001,386,346 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\tdsskiller.zip
[2011/09/10 23:00:13 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Desktop\rkill.com
[2011/09/10 20:16:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/10 17:03:41 | 000,006,234 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\80ebae3f
[2011/09/10 16:15:33 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\ffebd6c5
[2011/09/10 15:16:02 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\974e263a
[2011/09/10 15:15:33 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\7793d9c5
[2011/08/26 00:02:11 | 000,201,862 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\My Documents\estroven_coupon.pdf
[2010/05/21 21:25:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2010/02/01 15:27:42 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2010/02/01 15:18:48 | 000,176,353 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2010/02/01 15:18:48 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2010/01/14 12:33:02 | 000,000,074 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/10/04 16:34:49 | 000,165,429 | ---- | C] () -- C:\WINDOWS\hpoins30.dat
[2008/10/04 16:34:49 | 000,000,844 | ---- | C] () -- C:\WINDOWS\hpomdl30.dat
[2008/03/06 11:23:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/07/28 02:00:41 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/19 12:23:06 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Local Settings\Application Data\fusioncache.dat
[2006/09/27 20:58:16 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2006/09/27 20:58:14 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/09/27 20:58:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2006/08/22 17:29:35 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/05 13:16:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2006/08/05 12:57:38 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/05 12:41:18 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/07/13 12:25:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/13 12:20:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/13 12:20:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/13 12:20:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/13 12:20:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/13 12:20:43 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/13 12:20:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/03 03:07:52 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2006/01/03 03:07:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2005/12/29 16:21:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/29 15:49:29 | 000,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/29 15:46:57 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/12/29 15:09:53 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/12/29 15:09:53 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/12/29 15:01:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/12/29 15:01:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/12/29 14:54:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/12/29 14:54:22 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/12/29 14:44:09 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/12/29 14:44:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/12/29 14:44:09 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/12/29 14:44:09 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/12/29 14:35:33 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2005/12/29 14:35:33 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2005/12/29 14:35:19 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/12/29 14:35:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/12/29 13:28:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/29 13:25:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/29 13:20:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/29 13:18:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/12/29 05:15:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/29 05:14:16 | 000,159,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/29 02:32:20 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/29 02:28:50 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/12/29 02:28:45 | 000,385,164 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/29 02:28:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/12/29 02:28:45 | 000,054,682 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/29 02:28:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/12/29 02:28:43 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/12/29 02:28:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/12/29 02:28:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/29 02:28:31 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/12/29 02:28:31 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/12/29 02:28:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/12/29 02:28:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/12/09 18:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/23 17:55:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/11/23 17:41:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/11/23 15:42:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/09/15 18:04:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2004/01/13 21:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >


Only produced one log file. When I ran OTL previously, it produced two as you were expecting (see above).

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:46 AM

Posted 23 September 2011 - 04:09 AM

Hi there, let me know how things are after the following fix.

OTL FIX
------------
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :otl
    [2011/09/12 11:45:23 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{08127627-a38a-4175-9254-8849d19633ee}
    [2011/09/12 14:04:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{25e636ce-3c10-478b-bb75-67c74fcf727a}
    [2011/09/22 13:44:25 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{38b2a520-4bc8-47dc-87a1-d920bacd6a14}
    [2011/09/12 13:05:39 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{8a8418fa-bb01-4697-bf5c-e3cdda98881f}
    [2011/09/10 22:48:04 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{d7b8f8fd-9b71-4fdd-b617-040f31fcdf77}
    [2011/09/21 16:05:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{e092d555-9a24-4e9d-b74f-8681d47799cd}
    [2011/09/11 21:14:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{ee22ba3b-b52b-484b-91b5-f0c9dc1abd84}
    [2011/09/12 10:55:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{fcf4af82-88bd-42d6-8f55-c29cbf27f736}
    
    :commands
    [emptytemp]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
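A parser for the OTL listing format used throughout this thread, added here as an example (it is not part of OTL or of Elise's fix): it picks out GUID-named Firefox extension directories touched since a given date, the same kind of entries listed under :otl above, and assembles the fix script from them. The sample lines and the "USER" profile name are constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One OTL listing line, as seen in this thread: "[yyyy/mm/dd hh:mm:ss | size | attrs | C-or-M] (company) -- path"
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
GUID_EXT_DIR = re.compile(  # a Firefox extension directory whose name is a bare GUID
    r"\\extensions\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)

@dataclass
class OtlEntry:
    ts: datetime   # timestamp shown in the listing
    size: int      # bytes, commas stripped
    attrs: str     # e.g. "---D" (directory), "--S-" (system)
    kind: str      # "C" = created-files listing, "M" = modified-files listing
    company: str
    path: str
    raw: str       # the original line, reused verbatim in the fix script

def parse_otl(text: str) -> list[OtlEntry]:
    entries = []
    for line in (ln.strip() for ln in text.splitlines()):
        m = OTL_LINE.match(line)
        if m:  # headers and "< End of report >" simply do not match
            entries.append(OtlEntry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                                    int(m["size"].replace(",", "")), m["attrs"],
                                    m["kind"], m["company"], m["path"], line))
    return entries

def flag_guid_extensions(entries: list[OtlEntry], since: str) -> list[OtlEntry]:
    """GUID-named directories under a profile's extensions folder touched on/after `since` (yyyy/mm/dd)."""
    cutoff = datetime.strptime(since, "%Y/%m/%d")
    return [e for e in entries
            if "D" in e.attrs and GUID_EXT_DIR.search(e.path) and e.ts >= cutoff]

def build_otl_fix(flagged: list[OtlEntry]) -> str:
    """Assemble the fix script: flagged lines under :otl, then [emptytemp] under :commands."""
    return "\n".join([":otl", *(e.raw for e in flagged), "", ":commands", "[emptytemp]"])

# Constructed sample in the thread's format (placeholder profile name "USER"): two extension
# folders inside the incident window, one older than it, and an ordinary system file.
EXT = r"C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions"
SAMPLE_LOG = "\n".join([
    f"[2011/09/12 11:45:23 | 000,000,000 | ---D | M] (XUL Cache) -- {EXT}\\{{08127627-a38a-4175-9254-8849d19633ee}}",
    f"[2011/09/22 13:44:25 | 000,000,000 | ---D | M] (XUL Cache) -- {EXT}\\{{38b2a520-4bc8-47dc-87a1-d920bacd6a14}}",
    f"[2011/08/01 09:00:00 | 000,000,000 | ---D | M] (XUL Cache) -- {EXT}\\{{00000000-0000-0000-0000-000000000000}}",
    r"[2005/12/29 13:28:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI",
])
```

Running `build_otl_fix(flag_guid_extensions(parse_otl(SAMPLE_LOG), "2011/09/01"))` yields a script with the two September entries under :otl and the all-zero GUID folder left out because it predates the window.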


#14 AnthonyLIA

AnthonyLIA
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:08:46 PM

Posted 23 September 2011 - 09:07 AM

Here is the log. Rebooted as indicated. Any hope?

All processes killed
========== OTL ==========
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{08127627-a38a-4175-9254-8849d19633ee}\defaults\preferences folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{08127627-a38a-4175-9254-8849d19633ee}\defaults folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{08127627-a38a-4175-9254-8849d19633ee}\chrome folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{08127627-a38a-4175-9254-8849d19633ee} folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{25e636ce-3c10-478b-bb75-67c74fcf727a}\defaults\preferences folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{25e636ce-3c10-478b-bb75-67c74fcf727a}\defaults folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{25e636ce-3c10-478b-bb75-67c74fcf727a}\chrome folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{25e636ce-3c10-478b-bb75-67c74fcf727a} folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{38b2a520-4bc8-47dc-87a1-d920bacd6a14}\defaults\preferences folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{38b2a520-4bc8-47dc-87a1-d920bacd6a14}\defaults folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{38b2a520-4bc8-47dc-87a1-d920bacd6a14}\chrome folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{38b2a520-4bc8-47dc-87a1-d920bacd6a14} folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{8a8418fa-bb01-4697-bf5c-e3cdda98881f}\defaults\preferences folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{8a8418fa-bb01-4697-bf5c-e3cdda98881f}\defaults folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{8a8418fa-bb01-4697-bf5c-e3cdda98881f}\chrome folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{8a8418fa-bb01-4697-bf5c-e3cdda98881f} folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{d7b8f8fd-9b71-4fdd-b617-040f31fcdf77}\defaults\preferences folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{d7b8f8fd-9b71-4fdd-b617-040f31fcdf77}\defaults folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{d7b8f8fd-9b71-4fdd-b617-040f31fcdf77}\chrome folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{d7b8f8fd-9b71-4fdd-b617-040f31fcdf77} folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{e092d555-9a24-4e9d-b74f-8681d47799cd}\defaults\preferences folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{e092d555-9a24-4e9d-b74f-8681d47799cd}\defaults folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{e092d555-9a24-4e9d-b74f-8681d47799cd}\chrome folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{e092d555-9a24-4e9d-b74f-8681d47799cd} folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{ee22ba3b-b52b-484b-91b5-f0c9dc1abd84}\defaults\preferences folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{ee22ba3b-b52b-484b-91b5-f0c9dc1abd84}\defaults folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{ee22ba3b-b52b-484b-91b5-f0c9dc1abd84}\chrome folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{ee22ba3b-b52b-484b-91b5-f0c9dc1abd84} folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{fcf4af82-88bd-42d6-8f55-c29cbf27f736}\defaults\preferences folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{fcf4af82-88bd-42d6-8f55-c29cbf27f736}\defaults folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{fcf4af82-88bd-42d6-8f55-c29cbf27f736}\chrome folder moved successfully.
C:\Documents and Settings\CLAUDIA GUTIERREZ\Application Data\Mozilla\Firefox\Profiles\gmddbmbi.default\extensions\{fcf4af82-88bd-42d6-8f55-c29cbf27f736} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 11474 bytes
->Temporary Internet Files folder emptied: 204952 bytes

User: All Users

User: CLAUDIA GUTIERREZ
->Temp folder emptied: 344963292 bytes
->Temporary Internet Files folder emptied: 595660359 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50229152 bytes
->Flash cache emptied: 4017 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 112470 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2952209 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13202985 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 57480 bytes

Total Files Cleaned = 961.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09232011_095005

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\CLAUDIA GUTIERREZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\76S4L3HJ\3Fp%3Dfeed%2Bthe%2Bpoor%2BGainesville%26prssweb%3DSearch%26ei%3DUTF-8%26fr%3Dtoshiba-web%26x%3Dwrt&cc=2&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=-420&u_his=3&u_java=true not found!
File\Folder C:\Documents and Settings\CLAUDIA GUTIERREZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\5OSZHX05\2J2RIL.com%2Fbrowse%2Fpiety&kw_type=broad&kw=piety&num_radlinks=5&max_radlink_len=27&region=def&cc=100&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=-240&u_his=12&u_java=true not found!
File\Folder C:\Documents and Settings\CLAUDIA GUTIERREZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\5OSZHX05\Fbrowse%2Fpretentions&kw_type=broad&kw=pretentions&num_radlinks=5&max_radlink_len=27&region=def&cc=100&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=-240&u_his=10&u_java=true not found!
File\Folder C:\Documents and Settings\CLAUDIA GUTIERREZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\5OSZHX05\MND.com%2Fbrowse%2Flexicon&kw_type=broad&kw=lexicon&num_radlinks=5&max_radlink_len=27&region=def&cc=100&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=-240&u_his=7&u_java=true not found!
File\Folder C:\Documents and Settings\CLAUDIA GUTIERREZ\Local Settings\Temp\Temporary Internet Files\Content.IE5\477VAKDP\UV1.com%2Fbrowse%2Flexicon&kw_type=broad&kw=lexicon&num_radlinks=5&max_radlink_len=27&region=def&cc=100&u_h=800&u_w=1280&u_ah=770&u_aw=1280&u_cd=32&u_tz=-240&u_his=7&u_java=true not found!

Registry entries deleted on Reboot...

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:46 AM

Posted 23 September 2011 - 09:29 AM

How are things running at this point?

regards, Elise
