
computer crashes


  • This topic is locked
60 replies to this topic

#1 sunnysideup

sunnysideup

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:08 PM

Posted 08 December 2012 - 01:50 AM

Hi.

First, my apologies as I have gone and run Combofix without any advice - I only realized I wasn't supposed to after having done so - careless I know. Basically, the problem I am facing is that my computer crashes (everything freezes except mouse still moves) forcing me to turn off the computer using the off switch. This happens without fail each time I watch a youtube video after about 20 minutes or so. After running Combofix luckily nothing has gotten worse however the situation remains the same, therefore I have decided to post the log here and I have not run any other programs since.

I would really appreciate it if you could take a look at the log and identify what the problem is or offer me some advice as I'm not that computer savvy.

Thank you.


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:08 AM

Posted 13 December 2012 - 01:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/477775 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 sunnysideup

sunnysideup
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:08 PM

Posted 16 December 2012 - 10:36 AM

Just to update, contrary to my previous post, my computer crashes not necessarily when youtube is playing. I can't seem to identify the cause.

As per the instructions, my system information is as follows:

Microsoft Windows Vista Home Premium (64 bit)
Version 6.0.6002 Service Pack 2 Build 6002

I have attached my DDS file too.

I hope someone can help.

Attached Files

  • Attached File  dds.txt   23.66KB   5 downloads

Edited by sunnysideup, 16 December 2012 - 10:37 AM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:08 PM

Posted 17 December 2012 - 01:01 PM

Greetings sunnysideup and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:08 PM

Posted 17 December 2012 - 01:02 PM

Logs posted by Oh My!


ComboFix 12-12-01.01 - Ed 2012/12/01 23:38:04.1.2 - x64
Running from: c:\users\Ed\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: セキュリティ対策ツール *Disabled/Outdated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: セキュリティ対策ツール *Disabled/Outdated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Codecv
c:\programdata\Codecv\background.html
c:\programdata\Codecv\bhoclass.dll
c:\programdata\Codecv\content.js
c:\programdata\Codecv\data\content.js
c:\programdata\Codecv\data\jsondb.js
c:\programdata\Codecv\pdccknbpfgeakafgnploggookclaahip.crx
c:\programdata\Codecv\settings.ini
c:\programdata\Codecv\uninstall.exe
c:\users\Ed\AppData\Roaming\3383130714d37bd0a5e1c67.49796809
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-12-01 15:35 . 2012-12-01 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-01 13:48 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A7D854E-0767-4D04-BF96-1C35847AAF06}\mpengine.dll
2012-12-01 09:06 . 2012-12-01 09:06 -------- d-----w- C:\found.000
2012-11-29 09:50 . 2012-11-29 09:49 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B7AB1DC-DCDC-4C9B-BC6F-4C0961C4B19B}\gapaengine.dll
2012-11-25 02:10 . 2012-11-25 02:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-19 01:44 . 2012-11-19 01:44 -------- d-----w- c:\users\Ed\AppData\Local\Macromedia
2012-11-04 13:37 . 2012-11-14 12:54 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-04 13:37 . 2012-11-14 12:54 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-04 13:37 . 2012-11-04 13:37 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 17:24 . 2012-02-06 09:23 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-02 07:35 . 2012-10-28 12:42 37704 ----a-w- c:\windows\system32\VNCpm.dll
2012-10-02 07:35 . 2012-10-28 12:39 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys
2012-10-02 07:35 . 2012-10-28 12:39 26112 ----a-w- c:\windows\system32\vncmirror.dll
2012-09-27 15:18 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
2012-09-13 13:45 . 2012-10-10 12:12 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-13 13:28 . 2012-10-10 12:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a999000f-9e59-4d90-8abd-885f49774fca}]
2009-11-08 01:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 07:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-12-10 438584]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-12 1353080]
"World Clocks Wallpaper"="c:\program files (x86)\WorldClocksWallpaper\WorldClocksWallpaper.exe" [2006-09-18 843264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KazaNavi"="c:\program files (x86)\JustSystems\KazaNavi\kazanavi.exe" [2008-12-10 701736]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2008-11-26 701752]
"NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-03-17 304496]
"cfFncEnabler.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"IME JPN 2007 Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2011-09-19 63856]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-11 215360]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-6 271808]
MonsterTV HD.lnk - c:\program files (x86)\Sknet\MonsterTVHD\MonsterTVD.exe [2010-12-16 2688512]
スタートアップツール.lnk - c:\windows\Installer\{E8691A05-68C9-4D3A-AA86-4F784711370F}\_DC76B6ABD5695212A9A737.exe [2012-4-19 2238]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ imjp12.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 12:54]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 01:08]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 01:08]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3303524322-3365780025-869472404-1001Core1cd96b59cf1c630.job
- c:\users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 12:45]
.
2012-11-19 c:\windows\Tasks\Norton Security Scan for Ed.job
- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-06-16 09:45]
.
2011-12-11 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-12-11 02:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-24 8081952]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 237056]
"TiltMouse"="c:\program files\Toshiba\Tilt Mouse\MulMouse.exe" [2009-02-16 393216]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 422400]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2007-09-19 438272]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"FlipViewer Library"="c:\program files (x86)\E-Book Systems\FlipViewer\FlipViewerLibrary.exe" [2008-12-02 413896]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2011-05-26 119664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 200216]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-08-24 16557832]
"Trend Micro Client Framework"="c:\program files\NTTW\Security\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-11-18 213824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.co.jp/
mStart Page = hxxp://dynabook.fresheye.com/cgi-bin/login.cgi
mDefault_Page_URL = hxxp://dynabook.fresheye.com/cgi-bin/login.cgi
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Microsoft Excel にエクスポート(&X) - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
LSP: c:\windows\SysWOW64\ifp5lsp.dll
Trusted Zone: fresheye.com\dynabook
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: Perapera-kun: Popup Japanese and Chinese Translator: chineseperakun@gmail.com - %profile%\extensions\chineseperakun@gmail.com
FF - Ext: Chinese-English Dictionary for Perapera-kun: peraperakun-chinese@gmail.com - %profile%\extensions\peraperakun-chinese@gmail.com
FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: FaviconizeTab: faviconizetab@espion.just-size.jp - %profile%\extensions\faviconizetab@espion.just-size.jp
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
FF - Ext: Codecv: 4feecdbd4588c@4feecdbd458c5.info - %profile%\extensions\4feecdbd4588c@4feecdbd458c5.info
FF - Ext: DealBulldogToolbar Toolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Codecv: 4feecdbd4588c@4feecdbd458c5.info - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\extensions\4feecdbd4588c@4feecdbd458c5.info
FF - user.js: extensions.BabylonToolbar_i.id - cc293cce0000000000000022fade223a
FF - user.js: extensions.BabylonToolbar_i.hardId - cc293cce0000000000000022fade223a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15521
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112459&tt=280612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FEF701AE-ADAA-AF7D-E1D6-F3682ED1172B} - c:\programdata\Codecv\bhoclass.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe
AddRemove-Build an Atom - c:\windows\system32\javaws.exe
AddRemove-GFI CreditMatch on nytsapp01 (7.3.1.284677) - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\0O00O0!qレ}ケ0ソ00ネ0E*X*]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,00,29,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\0O00O0!qレ}ケ0ソ00ネ0E*X*]
"Order"=hex:08,00,00,00,02,00,00,00,ba,01,00,00,01,00,00,00,03,00,00,00,86,00,
00,00,00,00,00,00,78,00,00,00,41,75,67,4d,04,00,00,00,01,00,00,00,00,00,01,\
.
[HKEY_USERS\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\「0ッ0サ0オ00\キ0ケ0ニ00 *ト000]
"Order"=hex:08,00,00,00,02,00,00,00,d0,08,00,00,01,00,00,00,0b,00,00,00,fc,00,
00,00,00,00,00,00,ee,00,00,00,41,75,67,4d,04,00,00,00,01,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\0O00O0!qレ}ケ0ソ00ネ0E*X*]
"DisplayName"="らくらく無線スタートEX"
"UninstallString"="c:\\Program Files\\NEC\\AtermWREX\\WRUninst.exe /delete"
"DisplayIcon"="c:\\Program Files\\NEC\\AtermWREX\\WRSTEXV.exe"
"Publisher"="NEC AccessTechnica, Ltd."
"InstallLocation"="c:\\Program Files\\NEC\\AtermWREX"
"VersionMajor"=dword:00000001
"VersionMinor"=dword:0000001f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TOSHIBA\q00a000V*2*.*3*\{2BF395B8-CFC7-B9D6-7458-5B37EF5A3154}]
"_BEED7CC20C4945B5BDA88A0ECEEAF790"="c:\\Users\\Administrator\\AppData\\Roaming\\Toshiba\\Palachan\\"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TOSHIBA\q00a000V*2*.*3*\{A7BF0CBE-C164-2BD1-2156-F82B3B163831}]
"_50E6CF6239FF4208954FD48989B896E6"="c:\\Users\\Administrator\\AppData\\Roaming\\Toshiba\\Palachan\\Graphics\\"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TOSHIBA\q00a000V*2*.*3*\{FCD56C95-9083-C412-39C4-42D1A4B1530D}]
"_F4623A61FC5A4DEF8B01A0AED7BA2CCC"="c:\\Users\\Administrator\\AppData\\Roaming\\Toshiba\\"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\TOSHIBA\TKRTL\TPCHKarteSVC.exe
c:\program files (x86)\JustSystems\PersonalShelter\TxVDrvSvc.exe
c:\progra~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
c:\progra~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
c:\program files (x86)\NTTW\StartUpTool\StartUpTool.exe
c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
c:\program files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files (x86)\McAfee\Common Framework\McTray.exe
c:\program files\Motorola\Bluetooth\btplayerctrl.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-12-02 01:06:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-01 16:06
.
Pre-Run: 173,700,370,432 bytes free
Post-Run: 173,692,477,440 bytes free
.
- - End Of File - - 13C3952F4220383DEDFCBE9B82BA26E7



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_35
Run by Ed at 0:19:28 on 2012-12-17
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: セキュリティ対策ツール *Disabled/Outdated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: セキュリティ対策ツール *Disabled/Outdated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files (x86)\WorldClocksWallpaper\WorldClocksWallpaper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.jp/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://dynabook.fresheye.com/cgi-bin/login.cgi
mDefault_Page_URL = hxxp://dynabook.fresheye.com/cgi-bin/login.cgi
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: かんたん登録2: {0DD41AE7-6196-42E7-BDE5-4F393997449E} - C:\Program Files (x86)\JustSystems\SimpleAutoInput\AtInBnd.dll
BHO: i-Filter 5.0 Browser Helper: {0FAF6F52-1AD4-4282-9EA1-3EC884DA7AA3} - C:\Program Files (x86)\Digital Arts\IFP5\app\bin\ifp5toolbar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: FlpLauncher Class: {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files (x86)\E-Book Systems\FlipViewer\fvbho140.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111204150241.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ThcBho.ThcBhoClass: {a999000f-9e59-4d90-8abd-885f49774fca} -
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FeliCa Browser Extension: {EC5D2125-D8AB-4a18-A599-D97D2731DE19} - C:\Program Files (x86)\Sony\FeliCaBrowserExtension\fbe.dll
BHO: Codecv Class: {FEF701AE-ADAA-AF7D-E1D6-F3682ED1172B} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: かんたん登録2 Toolbar: {833CFE4E-05BD-43A3-97A7-A4E80D742F0F} - C:\Program Files (x86)\JustSystems\SimpleAutoInput\AtInBnd.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
uRun: [World Clocks Wallpaper] C:\Program Files (x86)\WorldClocksWallpaper\WorldClocksWallpaper.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Export to Microsoft Excel (&X) - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
LSP: C:\Windows\SysWOW64\ifp5lsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{E661EAE5-864C-43E8-AEDD-F898533F38C3} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FADD863A-25D7-430C-908C-A92EC8EBC9CC} : DHCPNameServer = 192.168.24.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://dynabook.fresheye.com/cgi-bin/login.cgi
x64-BHO: i-Filter 5.0 Browser Helper: {0FAF6F52-1AD4-4282-9EA1-3EC884DA7AA3} - C:\Program Files (x86)\Digital Arts\IFP5\app\bin\ifp5toolbar64.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111204150241.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [Trend Micro Client Framework] "C:\Program Files\NTTW\Security\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - component: C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_35.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Users\Ed\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: Perapera-kun: Popup Japanese and Chinese Translator: chineseperakun@gmail.com - %profile%\extensions\chineseperakun@gmail.com
FF - Ext: Chinese-English Dictionary for Perapera-kun: peraperakun-chinese@gmail.com - %profile%\extensions\peraperakun-chinese@gmail.com
FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: FaviconizeTab: faviconizetab@espion.just-size.jp - %profile%\extensions\faviconizetab@espion.just-size.jp
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
FF - Ext: Codecv: 4feecdbd4588c@4feecdbd458c5.info - %profile%\extensions\4feecdbd4588c@4feecdbd458c5.info
FF - Ext: DealBulldogToolbar Toolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Codecv: 4feecdbd4588c@4feecdbd458c5.info - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\extensions\4feecdbd4588c@4feecdbd458c5.info
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - cc293cce0000000000000022fade223a
FF - user.js: extensions.BabylonToolbar_i.hardId - cc293cce0000000000000022fade223a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15521
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:01:37
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112459&tt=280612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-12-4 607152]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2009-6-23 504912]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-12-4 281544]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-4-19 70928]
R1 TxVDrv;TxVDrv;C:\Windows\System32\drivers\TxVDrv.sys [2009-6-23 36640]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2009-5-16 103472]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-12-4 190256]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-12-4 156248]
R2 NTIPPKernel;NTIPPKernel;C:\Program Files (x86)\CyberLink\SoftDMA\Kernel\DMP\NTIPPKernel_64.sys [2009-6-23 82416]
R2 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2012-4-19 67344]
R2 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2012-4-19 210704]
R3 BTMHID;BTMHID;C:\Windows\System32\drivers\btmhid.sys [2012-2-27 34176]
R3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\System32\drivers\btmusb.sys [2012-2-27 479616]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-5-16 64000]
R3 enecirhid;ENE CIR HID Receiver;C:\Windows\System32\drivers\enecirhid.sys [2009-5-16 14336]
R3 enecirhidma;ENE CIR HIDmini Filter;C:\Windows\System32\drivers\enecirhidma.sys [2009-5-16 6656]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-16 126464]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-5-16 144272]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-12-4 217696]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-5-16 4745216]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 Sonyddpu;FeliCa Port/PaSoRi;C:\Windows\System32\drivers\Sonyddpu.sys [2009-6-23 110368]
R3 sonyfelicaportm;FeliCa Port/PaSoRi Manager;C:\Windows\System32\drivers\sonyfelicaportm.sys [2009-6-23 27424]
R3 vrvd5;vrvd5;C:\Windows\System32\drivers\vrvd5.sys [2009-5-16 12832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AS11Loader;SKNET AS11 USB DTV firmware download driver;C:\Windows\System32\drivers\Sknet_AS11Loader.sys [2009-9-24 58880]
S3 btmaudio;Motorola Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2012-2-27 43008]
S3 BTMCOM;Bluetooth Serial Port;C:\Windows\System32\drivers\btmcom.sys [2012-2-27 52736]
S3 EraserUtilDrv11220;EraserUtilDrv11220;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [2012-12-9 138912]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-12-4 97960]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 SKNET_ISDB_UBS3_HidIRKbd.Dev;SKNET HDTV-UBS3 ISDB USB Remote Control driver;C:\Windows\System32\drivers\SKNET_HDTV_BSCS_IR.sys [2008-5-21 28032]
S3 SKNET_UBS3_ISDB_BDA;SKNET HDTV-UBS3 ISDB service for BDA;C:\Windows\System32\drivers\SKNET_HDTV_UBS3_BDA.sys [2010-10-29 302720]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 Amsp;Security Solution Platform;C:\Program Files\NTTW\Security\AMSP\coreServiceShell.exe [2012-4-19 275912]
S4 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2012-2-27 4150536]
S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2012-2-27 1188616]
S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2012-2-27 679176]
S4 CLHNService;CLHNService;C:\Program Files (x86)\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe [2009-6-23 85024]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-3-6 36864]
S4 ConfigFree Service;ConfigFree Profile Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-2-27 1028096]
S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-6 234776]
S4 NCOMMSVC;Network application communication service;C:\Program Files\TOSHIBA\TWLan5ghz\Ncommsvc.exe [2009-3-6 77312]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-11 632792]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2009-5-16 62776]
S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-7-17 139776]
S4 TPCHKarteSVC;TPCHKarteSVC;C:\Program Files (x86)\Toshiba\TKRTL\TPCHKarteSVC.exe [2009-3-23 221184]
S4 TxVDrvSvc;TXVDrv Service;C:\Program Files (x86)\JustSystems\PersonalShelter\TxVDrvSvc.exe [2009-6-23 55832]
S4 vncserver;VNC Server;C:\Program Files\RealVNC\VNC Server\vncserver.exe [2012-10-28 4773768]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-14 12:54:17 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 12:54:17 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-02 07:35:50 4608 ----a-w- C:\Windows\System32\drivers\vncmirror.sys
2012-10-02 07:35:50 37704 ----a-w- C:\Windows\System32\VNCpm.dll
2012-10-02 07:35:50 26112 ----a-w- C:\Windows\System32\vncmirror.dll
2012-09-28 01:32:56 5989776 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-09-28 01:32:56 53760 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-09-27 15:18:28 65309168 ----a-w- C:\Windows\System32\mrt.exe
.
============= FINISH: 0:20:34.41 ===============
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,402 posts
  • Gender:Male
  • Location:California

Posted 17 December 2012 - 01:51 PM

Hi sunnysideup,

Thank you for allowing me some time to review the information you provided. Here are the first things I would like you to consider and do for me please.


===================================================


Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one antivirus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove Programs in the Control Panel and remove all but one of the following:

McAfee
Microsoft Security Essentials
Trend Micro
===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Search
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================


BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
More information about the program can be found here


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Were you able to delete 2 antivirus programs?
  • AdwCleaner log
  • BSOD log

Gary
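The two things the post above asks the reader to check by hand (more than one real-time antivirus product registered, and browser add-ons with no file behind them) can be read straight off a DDS log like the one pasted earlier in this thread. The script below is an added example, not part of the thread and not code from the DDS or AdwCleaner tools; it assumes the `AV:`/`SP:` and `BHO:` line formats exactly as DDS printed them above, and runs on a constructed excerpt copied from that log.

```python
"""Triage helper for DDS-style logs.

Flags (1) more than one antivirus product registered as Enabled in
Security Center, the conflict described in the post above, and
(2) Browser Helper Objects whose registration carries no DLL path,
which in the log above are the ThcBho and Codecv entries.

Added example; not part of the original thread or of the DDS tool.
"""
import re

# DDS prints Security Center registrations as, for example:
#   AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-...}
AV_LINE = re.compile(
    r"^(?P<kind>AV|SP): (?P<name>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)

# Pseudo-HJT BHO lines: "BHO: Display Name: {CLSID} - C:\path\to\module.dll"
# A line that ends after the " -" is a CLSID registered with no module on disk.
BHO_LINE = re.compile(
    r"^(?:x64-)?BHO: (?P<name>.*?): \{(?P<clsid>[0-9A-Fa-f-]+)\} -\s*(?P<path>.*)$"
)

# Constructed excerpt of the DDS log shown earlier on this page.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: セキュリティ対策ツール *Disabled/Outdated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ThcBho.ThcBhoClass: {a999000f-9e59-4d90-8abd-885f49774fca} -
BHO: Codecv Class: {FEF701AE-ADAA-AF7D-E1D6-F3682ED1172B} -
"""


def parse_security_products(text):
    """Return (kind, name, state) for every AV:/SP: line in the log."""
    products = []
    for line in text.splitlines():
        m = AV_LINE.match(line.strip())
        if m:
            products.append((m.group("kind"), m.group("name"), m.group("state")))
    return products


def enabled_antivirus(text):
    """Names of AV products whose Security Center state starts with Enabled."""
    return [
        name
        for kind, name, state in parse_security_products(text)
        if kind == "AV" and state.startswith("Enabled")
    ]


def orphaned_bhos(text):
    """(name, clsid) for BHO entries that are registered without a DLL path."""
    found = []
    for line in text.splitlines():
        m = BHO_LINE.match(line.strip())
        if m and not m.group("path"):
            found.append((m.group("name"), m.group("clsid")))
    return found


def triage(text):
    """Human-readable findings; empty list means nothing to flag."""
    findings = []
    avs = enabled_antivirus(text)
    if len(avs) > 1:
        findings.append("multiple real-time AV products enabled: " + ", ".join(avs))
    for name, clsid in orphaned_bhos(text):
        findings.append(f"BHO '{name}' {{{clsid}}} has no module path")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the excerpt it reports the two overlapping real-time products (Microsoft Security Essentials and McAfee VirusScan Enterprise) and the two path-less BHOs; the disabled NTT and Windows Defender registrations are ignored because only an Enabled state means a resident scanner is actually hooking file access.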

#7 sunnysideup

  • Topic Starter
  • Members
  • 29 posts

Posted 19 December 2012 - 08:17 AM

Hi Gary

Thanks for the advice.

I have uninstalled all McAfee software; however, I couldn't find any Trend Micro software on my computer. I did notice that Norton Security Scan is on my computer. Should I uninstall this too?

I ran BSOD; however, nothing appeared in the viewer.

However, below is the AdwCleaner log.

Thanks again

Ed



# AdwCleaner v2.101 - Logfile created 12/19/2012 at 21:31:07
# Updated 16/12/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Ed - ED-PC
# Boot Mode : Normal
# Running from : C:\Users\Ed\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Ed\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Ed\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Ed\AppData\LocalLow\Codecv
Folder Found : C:\Users\Ed\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Ed\AppData\Roaming\Babylon
Folder Found : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Folder Found : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\extensions\toolbar@ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6 (ja)

Profile name : default
File : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112459&tt=280612_8_&babsrc=NT_ss&m[...]
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.4feecdbd45939.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=112459&tt=280612_8_");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 18);
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Found : user_pref("extensions.BabylonToolbar.hmpg", true);
Found : user_pref("extensions.BabylonToolbar.id", "cc293cce0000000000000022fade223a");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15521");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=112459&tt=280612[...]
Found : user_pref("extensions.BabylonToolbar.lastDP", 18);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1719:01:37");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 89046730);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1719:01:37");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112459&tt=280612_8_");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "cc293cce0000000000000022fade223a");
Found : user_pref("extensions.BabylonToolbar_i.id", "cc293cce0000000000000022fade223a");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15521");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:01:37");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.19] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112459&tt=280612_8_&babsrc=HP_ss&mntrId=cc293cce0000000000000022fade223a" ]
Found [l.2628] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112459&tt=280612_8_&babsrc=HP_ss&mntrId=cc293cce0000000000000022fade223a" ]

*************************

AdwCleaner[R1].txt - [10833 octets] - [19/12/2012 21:31:07]

########## EOF - C:\AdwCleaner[R1].txt - [10894 octets] ##########

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • Gender:Male
  • Location:California
  • Local time:09:08 PM

Posted 19 December 2012 - 09:41 AM

Hi Ed,

"I did notice that Norton Security Scan is on my computer. Should I uninstall this too?"

This appears to be related to an online scanner, which is different from the other antivirus programs of concern. It is the real-time component of AV software that causes a concern. Online scanners do not provide real-time protection; they only run when you launch them and then stop once the scan is completed.

There are some strange entries related to Trend Micro so we will get rid of them, along with a few registry entries.

Thank you for the BSOD (lack of) information. We will run another program to take a look at some error information.

Please do this.


===================================================


AdwCleaner by Xplode - Delete Adware

-------------------

  • Close all open programs and internet browser
  • Double click on adwcleaner.exe
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt

===================================================


Running Combofix Script

-------------------

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text below into the Notepad document

    SecCenter::
    AV: ƒZƒLƒ…ƒŠƒeƒB‘Îôƒc[ƒ‹ *Disabled/Outdated* {7193B549-236F-55EE-9AEC-F65279E59A92}
    SP: ƒZƒLƒ…ƒŠƒeƒB‘Îôƒc[ƒ‹ *Disabled/Outdated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
    
    RegLockDel::
    [-HKEY_USERS\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\‰0O0‰0O0!qÚ}¹0¿0ü0È0E*X*]
    [-HKEY_USERS\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\‰0O0‰0O0!qÚ}¹0¿0ü0È0E*X*]
    [-HKEY_USERS\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\¢0¯0»0µ0ê0\·0¹0Æ0à0 *Ä0ü0ë0]
    

  • Save this on your desktop as CFScript.txt.


    Posted Image

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the Posted Image icon to launch the program
  • Make sure the following options are checked:

    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • AdwCleaner log
  • Combofix log
  • Result log
  • How is your computer running?

Edited by Oh My, 19 December 2012 - 09:44 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 sunnysideup

sunnysideup
  • Topic Starter

  • Members
  • 29 posts
  • Local time:01:08 PM

Posted 20 December 2012 - 08:55 AM

Hi Gary, thanks for the prompt response.

I have posted all requested logs below. The only problem is that, since my OS is in Japanese, the MiniToolBox log results contain Japanese. Please let me know if you need something translated.

As for the status of the computer, it seems to be running fine right now, but it may be too early to say as I haven't used it much today.


# AdwCleaner v2.101 - Logfile created 12/20/2012 at 21:51:20
# Updated 16/12/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Ed - ED-PC
# Boot Mode : Normal
# Running from : C:\Users\Ed\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
Deleted on reboot : C:\ProgramData\Premium
Deleted on reboot : C:\Users\Ed\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Users\Ed\AppData\LocalLow\boost_interprocess
Deleted on reboot : C:\Users\Ed\AppData\LocalLow\Codecv
Deleted on reboot : C:\Users\Ed\AppData\LocalLow\Toolbar4
Deleted on reboot : C:\Users\Ed\AppData\Roaming\Babylon
Deleted on reboot : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Deleted on reboot : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\extensions\ffxtlbr@babylon.com
Deleted on reboot : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\extensions\toolbar@ask.com
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6 (ja)

Profile name : default
File : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\prefs.js

C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112459&tt=280612_8_&babsrc=NT_ss&m[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.4feecdbd45939.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=112459&tt=280612_8_");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 18);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "cc293cce0000000000000022fade223a");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15521");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=112459&tt=280612[...]
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 18);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1719:01:37");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 89046730);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1719:01:37");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112459&tt=280612_8_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "cc293cce0000000000000022fade223a");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "cc293cce0000000000000022fade223a");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15521");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:01:37");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.19] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112459&tt=280612_8_&babsr[...]
Deleted [l.2567] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112459&tt=280612_8_&babsrc=H[...]

*************************

AdwCleaner[R1].txt - [10944 octets] - [19/12/2012 21:31:07]
AdwCleaner[S1].txt - [10392 octets] - [20/12/2012 21:51:20]

########## EOF - C:\AdwCleaner[S1].txt - [10453 octets] ##########

ComboFix 12-12-20.02 - Ed 2012/12/20 22:11:33.2.2 - x64
Running from: c:\users\Ed\Desktop\ComboFix.exe
Command switches used :: c:\users\Ed\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\すぅぱぁみみ.scr
c:\windows\SysWow64\ぱらちゃん.scr
.
.
((((((((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 )))))))))))))))))))))))))))))))
.
.
2012-12-20 13:18 . 2012-12-20 13:18 -------- d-----w- c:\users\Ed\AppData\Local\temp
2012-12-20 13:18 . 2012-12-20 13:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-20 13:08 . 2012-12-20 13:09 -------- d-----w- C:\32788R22FWJFW
2012-12-20 12:44 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FF0518F-C9F8-4FD1-B431-E028457952CA}\mpengine.dll
2012-12-19 12:33 . 2012-12-19 12:33 -------- d-----w- c:\program files (x86)\NirSoft
2012-12-16 13:16 . 2012-12-16 13:16 -------- d-----w- c:\program files\iPod
2012-12-16 13:16 . 2012-12-16 13:17 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-16 13:16 . 2012-12-16 13:17 -------- d-----w- c:\program files\iTunes
2012-12-16 13:16 . 2012-12-16 13:17 -------- d-----w- c:\program files (x86)\iTunes
2012-12-15 02:10 . 2012-12-15 02:10 -------- d-----w- C:\found.001
2012-12-01 09:06 . 2012-12-01 09:06 -------- d-----w- C:\found.000
2012-11-29 09:50 . 2012-11-29 09:49 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B7AB1DC-DCDC-4C9B-BC6F-4C0961C4B19B}\gapaengine.dll
2012-11-25 02:10 . 2012-11-25 02:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 12:54 . 2012-11-04 13:37 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 12:54 . 2012-11-04 13:37 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-08 17:24 . 2012-02-06 09:23 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-02 07:35 . 2012-10-28 12:42 37704 ----a-w- c:\windows\system32\VNCpm.dll
2012-10-02 07:35 . 2012-10-28 12:39 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys
2012-10-02 07:35 . 2012-10-28 12:39 26112 ----a-w- c:\windows\system32\vncmirror.dll
2012-09-28 01:32 . 2012-09-28 01:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 01:32 . 2012-09-28 01:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-09-27 15:18 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a999000f-9e59-4d90-8abd-885f49774fca}]
2009-11-08 01:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FEF701AE-ADAA-AF7D-E1D6-F3682ED1172B}]
c:\programdata\Codecv\bhoclass.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-12-10 438584]
"World Clocks Wallpaper"="c:\program files (x86)\WorldClocksWallpaper\WorldClocksWallpaper.exe" [2006-09-18 843264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ imjp12.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 12:54]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 01:08]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 01:08]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3303524322-3365780025-869472404-1001Core1cd96b59cf1c630.job
- c:\users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 12:45]
.
2012-12-09 c:\windows\Tasks\Norton Security Scan for Ed.job
- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-06-16 09:45]
.
2011-12-11 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-12-11 02:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\NTTW\Security\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-11-18 213824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.co.jp/
mStart Page = hxxp://dynabook.fresheye.com/cgi-bin/login.cgi
mDefault_Page_URL = hxxp://dynabook.fresheye.com/cgi-bin/login.cgi
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Microsoft Excel にエクスポート(&X) - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
LSP: c:\windows\SysWOW64\ifp5lsp.dll
Trusted Zone: fresheye.com\dynabook
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: Perapera-kun: Popup Japanese and Chinese Translator: chineseperakun@gmail.com - %profile%\extensions\chineseperakun@gmail.com
FF - Ext: Chinese-English Dictionary for Perapera-kun: peraperakun-chinese@gmail.com - %profile%\extensions\peraperakun-chinese@gmail.com
FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: FaviconizeTab: faviconizetab@espion.just-size.jp - %profile%\extensions\faviconizetab@espion.just-size.jp
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
FF - Ext: Codecv: 4feecdbd4588c@4feecdbd458c5.info - %profile%\extensions\4feecdbd4588c@4feecdbd458c5.info
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Codecv: 4feecdbd4588c@4feecdbd458c5.info - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\extensions\4feecdbd4588c@4feecdbd458c5.info
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\・O0・O0!qレ}ケ0ソ0・ネ0E*X*]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,00,29,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\・O0・O0!qレ}ケ0ソ0・ネ0E*X*]
"Order"=hex:08,00,00,00,02,00,00,00,ba,01,00,00,01,00,00,00,03,00,00,00,86,00,
00,00,00,00,00,00,78,00,00,00,41,75,67,4d,04,00,00,00,01,00,00,00,00,00,01,\
.
[HKEY_USERS\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\「0ッ0サ0オ0・\キ0ケ0ニ0・ *ト0・・]
"Order"=hex:08,00,00,00,02,00,00,00,d0,08,00,00,01,00,00,00,0b,00,00,00,fc,00,
00,00,00,00,00,00,ee,00,00,00,41,75,67,4d,04,00,00,00,01,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\・O0・O0!qレ}ケ0ソ0・ネ0E*X*]
"DisplayName"="らくらく無線スタートEX"
"UninstallString"="c:\\Program Files\\NEC\\AtermWREX\\WRUninst.exe /delete"
"DisplayIcon"="c:\\Program Files\\NEC\\AtermWREX\\WRSTEXV.exe"
"Publisher"="NEC AccessTechnica, Ltd."
"InstallLocation"="c:\\Program Files\\NEC\\AtermWREX"
"VersionMajor"=dword:00000001
"VersionMinor"=dword:0000001f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TOSHIBA\q0・a0・・V*2*.*3*\{2BF395B8-CFC7-B9D6-7458-5B37EF5A3154}]
"_BEED7CC20C4945B5BDA88A0ECEEAF790"="c:\\Users\\Administrator\\AppData\\Roaming\\Toshiba\\Palachan\\"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TOSHIBA\q0・a0・・V*2*.*3*\{A7BF0CBE-C164-2BD1-2156-F82B3B163831}]
"_50E6CF6239FF4208954FD48989B896E6"="c:\\Users\\Administrator\\AppData\\Roaming\\Toshiba\\Palachan\\Graphics\\"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TOSHIBA\q0・a0・・V*2*.*3*\{FCD56C95-9083-C412-39C4-42D1A4B1530D}]
"_F4623A61FC5A4DEF8B01A0AED7BA2CCC"="c:\\Users\\Administrator\\AppData\\Roaming\\Toshiba\\"
.
Completion time: 2012-12-20 22:21:43
ComboFix-quarantined-files.txt 2012-12-20 13:21
ComboFix2.txt 2012-12-01 16:06
.
Pre-Run: 174,057,873,408 バイトの空き領域
Post-Run: 174,383,992,832 バイトの空き領域
.
- - End Of File - - FD918046CE4109FF37FD176891B8895C






MiniToolBox by Farbar Version: 25-11-2012
Ran by Ed (administrator) on 20-12-2012 at 22:35:13
Running from "C:\Users\Ed\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/20/2012 10:01:30 PM) (Source: Application Error) (User: )
Description: 障害が発生しているアプリケーション firefox.exe、バージョン 1.9.2.3667、タイム スタンプ 0x4b5102f0、障害が発生しているモジュール NPSWF32_11_5_502_110.dll_unloaded、バージョン 0.0.0.0、タイム スタンプ 0x508de2a0、例外コード 0xc0000005、障害オフセット 0x6e13b536、
プロセス ID 0xc34、アプリケーションの開始時刻 0xfirefox.exe0。

Error: (12/20/2012 09:55:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2012 07:56:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2012 11:41:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2012 10:07:45 PM) (Source: Windows Search Service) (User: )
Description: ハッシュ割り当てでエントリ <C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\SAFE BROWSING DOWNLOAD WHITELIST_NEW> を更新できませんでした。

コンテキスト: アプリケーション、 SystemIndex カタログ

詳細:
システムに接続されたデバイスが機能していません。 (0x8007001f)

Error: (12/19/2012 10:07:45 PM) (Source: Windows Search Service) (User: )
Description: ハッシュ割り当てでエントリ <C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\SAFE BROWSING CSD WHITELIST_NEW> を更新できませんでした。

コンテキスト: アプリケーション、 SystemIndex カタログ

詳細:
システムに接続されたデバイスが機能していません。 (0x8007001f)

Error: (12/19/2012 10:07:44 PM) (Source: Windows Search Service) (User: )
Description: ハッシュ割り当てでエントリ <C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\SAFE BROWSING BLOOM_NEW> を更新できませんでした。

コンテキスト: アプリケーション、 SystemIndex カタログ

詳細:
システムに接続されたデバイスが機能していません。 (0x8007001f)

Error: (12/19/2012 10:04:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2012 08:57:05 PM) (Source: Windows Search Service) (User: )
Description: ハッシュ割り当てでエントリ <C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX> を更新できませんでした。

コンテキスト: アプリケーション、 SystemIndex カタログ

詳細:
システムに接続されたデバイスが機能していません。 (0x8007001f)

Error: (12/19/2012 08:57:05 PM) (Source: Windows Search Service) (User: )
Description: ハッシュ割り当てでエントリ <C:\USERS\ED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX> を更新できませんでした。

コンテキスト: アプリケーション、 SystemIndex カタログ

詳細:
システムに接続されたデバイスが機能していません。 (0x8007001f)


System errors:
=============
Error: (12/20/2012 10:18:41 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (12/20/2012 10:18:02 PM) (Source: Application Popup) (User: )
Description: このシステムとの互換性がないため、\??\C:\ComboFix\catchme.sys の読み込みはブロックされています。ドライバの互換性のあるバージョンについては、ソフトウェア ベンダに問い合わせてください。

Error: (12/20/2012 10:18:02 PM) (Source: Application Popup) (User: )
Description: このシステムとの互換性がないため、\??\C:\ComboFix\catchme.sys の読み込みはブロックされています。ドライバの互換性のあるバージョンについては、ソフトウェア ベンダに問い合わせてください。

Error: (12/20/2012 10:15:08 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (12/20/2012 09:55:45 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (12/20/2012 07:56:51 AM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (12/19/2012 11:41:04 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (12/19/2012 11:41:04 PM) (Source: Service Control Manager) (User: )
Description: Windows Live ID Sign-in Assistant%%1053

Error: (12/19/2012 11:41:04 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Live ID Sign-in Assistant

Error: (12/19/2012 10:04:22 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: エラーを特定できません

Reason: %%842


Microsoft Office Sessions:
=========================
Error: (12/02/2012 11:13:12 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/02/2012 11:12:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/10/2012 05:08:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 76 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/07/2012 09:02:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/07/2012 09:02:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/07/2012 09:01:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/05/2012 10:45:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 54 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/03/2012 03:32:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/03/2012 03:32:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2218 seconds with 120 seconds of active time. This session ended with a crash.

Error: (10/27/2012 03:20:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 323 seconds with 300 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2012-12-20 22:18:02.450
Description: ファイル ハッシュをシステム上で検出できなかったため、Windows ではファイル \Device\HarddiskVolume2\ComboFix\catchme.sys のイメージの整合性を検証できません。最近のハードウェアまたはソフトウェアの更新によって、正しく署名されていないファイルや壊れているファイル、または不明なソースからの悪意のあるソフトウェアであるファイルがインストールされた可能性があります。

Date: 2012-12-20 22:18:02.326
Description: ファイル ハッシュをシステム上で検出できなかったため、Windows ではファイル \Device\HarddiskVolume2\ComboFix\catchme.sys のイメージの整合性を検証できません。最近のハードウェアまたはソフトウェアの更新によって、正しく署名されていないファイルや壊れているファイル、または不明なソースからの悪意のあるソフトウェアであるファイルがインストールされた可能性があります。

Date: 2012-12-20 22:18:02.185
Description: ファイル ハッシュをシステム上で検出できなかったため、Windows ではファイル \Device\HarddiskVolume2\ComboFix\catchme.sys のイメージの整合性を検証できません。最近のハードウェアまたはソフトウェアの更新によって、正しく署名されていないファイルや壊れているファイル、または不明なソースからの悪意のあるソフトウェアであるファイルがインストールされた可能性があります。

Date: 2012-12-20 22:18:02.060
Description: ファイル ハッシュをシステム上で検出できなかったため、Windows ではファイル \Device\HarddiskVolume2\ComboFix\catchme.sys のイメージの整合性を検証できません。最近のハードウェアまたはソフトウェアの更新によって、正しく署名されていないファイルや壊れているファイル、または不明なソースからの悪意のあるソフトウェアであるファイルがインストールされた可能性があります。

Date: 2012-12-02 00:29:21.417
Description: ファイル ハッシュをシステム上で検出できなかったため、Windows ではファイル \Device\HarddiskVolume2\ComboFix\catchme.sys のイメージの整合性を検証できません。最近のハードウェアまたはソフトウェアの更新によって、正しく署名されていないファイルや壊れているファイル、または不明なソースからの悪意のあるソフトウェアであるファイルがインストールされた可能性があります。

Date: 2012-12-02 00:29:21.293
Description: ファイル ハッシュをシステム上で検出できなかったため、Windows ではファイル \Device\HarddiskVolume2\ComboFix\catchme.sys のイメージの整合性を検証できません。最近のハードウェアまたはソフトウェアの更新によって、正しく署名されていないファイルや壊れているファイル、または不明なソースからの悪意のあるソフトウェアであるファイルがインストールされた可能性があります。

Date: 2012-12-01 23:39:05.559
Description: ページごとのイメージ ハッシュ セットをシステム上で検出できなかったため、コードの整合性ではファイル \Device\HarddiskVolume2\Windows\System32\drivers\tmevtmgr.sys のイメージの整合性を検証できません。

Date: 2012-12-01 23:39:05.387
Description: ページごとのイメージ ハッシュ セットをシステム上で検出できなかったため、コードの整合性ではファイル \Device\HarddiskVolume2\Windows\System32\drivers\tmevtmgr.sys のイメージの整合性を検証できません。

Date: 2012-12-01 23:39:05.247
Description: ページごとのイメージ ハッシュ セットをシステム上で検出できなかったため、コードの整合性ではファイル \Device\HarddiskVolume2\Windows\System32\drivers\tmevtmgr.sys のイメージの整合性を検証できません。

Date: 2012-12-01 23:39:05.059
Description: ページごとのイメージ ハッシュ セットをシステム上で検出できなかったため、コードの整合性ではファイル \Device\HarddiskVolume2\Windows\System32\drivers\tmevtmgr.sys のイメージの整合性を検証できません。


=========================== Installed Programs ============================

ALPS Touch Pad Driver (Version: 7.102.303.101)
Apple Mobile Device Support (Version: 6.0.1.3)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.24)
Dolby Control Center (Version: 2.2.1)
dynabookランチャー (Version: 2.2.1)
Google Chrome (Version: 23.0.1271.95)
HDMI Control Manager (Version: 1.9)
iCloud (Version: 2.0.2.187)
Intel® Graphics Media Accelerator Driver
IntelR Matrix Storage Manager
iTunes (Version: 11.0.1.12)
Microsoft .NET Framework 3.5 Language Pack SP1 - jpn (Version: 3.5.30729)
Microsoft .NET Framework 3.5 Language Pack SP1 - 日本語
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile JPN Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile Language Pack - 日本語 (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office IME (Japanese) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Japanese) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
MonsterTV (Version: 003.010.12060)
Motorola Bluetooth (Version: 3.0.02.272)
SillyClocks (Version: 2.2.0.6)
TOSHIBA Disc Creator (Version: 2.0.1.4 for x64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.2 for x64)
TOSHIBA SD Memory Utilities (Version: 1.9.1.12)
TOSHIBA Value Added Package (Version: 1.1.38.64)
TOSHIBA Wireless LAN 5Ghz Enable Disable Tool (Version: 2.0.0.64)
Trend Micro Titanium (Version: 5.11)
VNC Mirror Driver 1.8.0 (Version: 1.8.0)
VNC Printer Driver 1.8.0 (Version: 1.8.0)
VNC Server 5.0.3 (Version: 5.0.3)
VNC Viewer 5.0.3 (Version: 5.0.3)
Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0) (Version: 04/29/2008 2.5.0.0)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3555.0308)
WinRAR 4.20 (64-bit) (Version: 4.20.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 3931.95 MB
Available physical RAM: 2208.3 MB
Total Pagefile: 8055.17 MB
Available Pagefile: 6410.93 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.73 MB

========================= Partitions: =====================================

1 Drive c: (S3A7290D002) (Fixed) (Total:306.51 GB) (Free:162.47 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:50 GB) (Free:49 GB) NTFS
4 Drive f: () (Removable) (Total:15.05 GB) (Free:13.59 GB) FAT32

========================= Users: ========================================

\\ED-PC のユーザー アカウント

Administrator Ed Guest
コマンドは正常に終了しました。


**** End of log ****

#10 Oh My!

Oh My! (Malware Response Instructor, 36,402 posts, California)

Posted 20 December 2012 - 09:59 AM

Hi Ed,

Can you tell me if these look familiar in any way or make sense to you?

ARPCache\・O0・O0!qレ}ケ0ソ0・ネ0E*X* (this is an add/remove program entry)
Programs\・O0・O0!qレ}ケ0ソ0・ネ0E*X*
Programs\「0ッ0サ0オ0・\キ0ケ0ニ0・ *ト0・・


Let's clean up just a little bit more. Please do this for me.

===================================================


Running Combofix Script

-------------------

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text below into the Notepad document

    Registry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FEF701AE-ADAA-AF7D-E1D6-F3682ED1172B}]
    
    Folder::
    c:\programdata\Codecv
    

  • Save this on your desktop as CFScript.txt.


    Posted Image

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Do you recognize the entries?
  • Combofix log
  • Is your computer still running well?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
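As an added example (not code from this thread, from ComboFix, or from BleepingComputer), here is a small Python script that does the triage step Gary performs by hand above: it parses the Browser Helper Object entries and the "FF - Ext:" lines from a ComboFix log, flags a BHO whose module is loaded from a user-writable folder such as c:\programdata and an extension whose id is just two hex strings, and drafts the Registry::/Folder:: sections in the CFScript layout he posts. The sample log is a constructed excerpt modeled on the log in this thread; the flagging rules (USER_WRITABLE_PREFIXES, HEXISH_EXT_ID_RE) are the editor's own heuristics, not anything ComboFix does, and the draft script is meant to be checked line by line against the full log.

```python
import ntpath
import re
from typing import Dict, List, Tuple

# Constructed sample: a short excerpt in the layout of the ComboFix
# "Reg Loading Points" and "FF - Ext:" lines posted in this thread.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a999000f-9e59-4d90-8abd-885f49774fca}]
2009-11-08 01:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FEF701AE-ADAA-AF7D-E1D6-F3682ED1172B}]
c:\programdata\Codecv\bhoclass.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-12-10 438584]
.
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Perapera-kun: Popup Japanese and Chinese Translator: chineseperakun@gmail.com - %profile%\extensions\chineseperakun@gmail.com
FF - Ext: Codecv: 4feecdbd4588c@4feecdbd458c5.info - %profile%\extensions\4feecdbd4588c@4feecdbd458c5.info
"""

# A BHO key line, capturing the whole key and the CLSID inside it.
BHO_KEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\.*\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\}))\]$")
# First Windows path ending in a loadable module on a line.
MODULE_PATH_RE = re.compile(r'([a-zA-Z]:\\[^\["]+?\.(?:dll|exe|ocx))', re.IGNORECASE)
# ComboFix Firefox extension line: "FF - Ext: <name>: <id> - <path>".
FF_EXT_RE = re.compile(r"^FF - Ext: (.+?): (\S+) - (.+)$")
# Heuristic (editor's own): local part and domain label are both long hex strings,
# unlike a vendor-named id or a {GUID}.
HEXISH_EXT_ID_RE = re.compile(r"^[0-9a-f]{8,}@[0-9a-f]{8,}\.[a-z]+$", re.IGNORECASE)
# Heuristic (editor's own): locations a standard user can write to.
USER_WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\")


def parse_bhos(log: str) -> List[Tuple[str, str, str]]:
    """Return (registry_key, clsid, module_path) for every BHO entry.
    ComboFix prints the module on the line that follows the key."""
    lines = log.splitlines()
    found = []
    for i, line in enumerate(lines):
        m = BHO_KEY_RE.match(line)
        if not m:
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        pm = MODULE_PATH_RE.search(nxt)
        found.append((m.group(1), m.group(2), pm.group(1) if pm else ""))
    return found


def parse_ff_extensions(log: str) -> List[Tuple[str, str, str]]:
    """Return (name, extension_id, install_path) for every 'FF - Ext:' line."""
    return [m.groups() for m in (FF_EXT_RE.match(l) for l in log.splitlines()) if m]


def is_user_writable(path: str) -> bool:
    """True for module paths under locations a standard user can write to."""
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def looks_generated(ext_id: str) -> bool:
    """True for ids like 4feecdbd4588c@4feecdbd458c5.info (heuristic, see above)."""
    return bool(HEXISH_EXT_ID_RE.match(ext_id))


def triage(log: str) -> Dict[str, List[str]]:
    """Split loading points into 'review' (worth a human look) and 'ok'."""
    review: List[str] = []
    ok: List[str] = []
    for _key, clsid, path in parse_bhos(log):
        label = f"BHO {clsid} -> {path or '(no module path)'}"
        (review if not path or is_user_writable(path) else ok).append(label)
    for name, ext_id, path in parse_ff_extensions(log):
        label = f"FF ext {name} ({ext_id}) -> {path}"
        (review if looks_generated(ext_id) else ok).append(label)
    return {"review": review, "ok": ok}


def draft_cfscript(log: str) -> str:
    """Draft Registry::/Folder:: sections, in the CFScript layout used in the
    thread, for BHOs whose module sits in a user-writable folder. The analyst
    still checks every line against the full log."""
    keys: List[str] = []
    folders: List[str] = []
    for key, _clsid, path in parse_bhos(log):
        if path and is_user_writable(path):
            keys.append(f"[-{key}]")
            folder = ntpath.dirname(path)  # ntpath handles the Windows path on any host
            if folder not in folders:
                folders.append(folder)
    if not keys:
        return ""
    return "Registry::\n" + "\n".join(keys) + "\n\nFolder::\n" + "\n".join(folders) + "\n"


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"== {bucket} ==")
        for item in items:
            print("  " + item)
    print(draft_cfscript(SAMPLE_LOG))
```

Run against the constructed sample, the BHO under c:\programdata and the hex-named Codecv extension land in the review bucket, the mscoree.dll BHO and the vendor-named extensions in ok, and the drafted script reproduces the two lines Gary wrote by hand. Extensions under %profile% are judged by id rather than by path, since nearly every legitimate Firefox add-on also lives in the profile folder.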

#11 sunnysideup

sunnysideup (Topic Starter, Members, 29 posts)

Posted 22 December 2012 - 05:47 AM

Hi Gary

1. I think ・O0・O0!qレ}ケ0ソ0・ネ0E*X* refers to "らくらく無線スタートEX" which is a setup wizard I used to install my wireless router. I can't work out what 「0ッ0サ0オ0・\キ0ケ0ニ0・ *ト0・・ is though.

2. The combofix log is below.

3. My computer doesn't seem to crash as much as before however it did crash once this morning as soon as I logged in (I left it in sleep mode overnight).

4. I'm going to be away for about a week next week so apologies if I don't get back to you.

5. Happy holidays to you if I don't talk to you before then!


ComboFix 12-12-22.01 - Ed 2012/12/22 19:14:05.3.2 - x64
Running from: c:\users\Ed\Desktop\ComboFix.exe
Command switches used :: c:\users\Ed\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-11-22 to 2012-12-22 )))))))))))))))))))))))))))))))
.
.
2012-12-22 10:22 . 2012-12-22 10:22 -------- d-----w- c:\users\Ed\AppData\Local\temp
2012-12-22 10:22 . 2012-12-22 10:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-22 02:56 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF40355D-4640-40DA-A9D8-61B924C83014}\mpengine.dll
2012-12-19 12:33 . 2012-12-19 12:33 -------- d-----w- c:\program files (x86)\NirSoft
2012-12-16 13:16 . 2012-12-16 13:16 -------- d-----w- c:\program files\iPod
2012-12-16 13:16 . 2012-12-16 13:17 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-16 13:16 . 2012-12-16 13:17 -------- d-----w- c:\program files\iTunes
2012-12-16 13:16 . 2012-12-16 13:17 -------- d-----w- c:\program files (x86)\iTunes
2012-12-15 02:10 . 2012-12-15 02:10 -------- d-----w- C:\found.001
2012-12-01 09:06 . 2012-12-01 09:06 -------- d-----w- C:\found.000
2012-11-29 09:50 . 2012-11-29 09:49 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B7AB1DC-DCDC-4C9B-BC6F-4C0961C4B19B}\gapaengine.dll
2012-11-25 02:10 . 2012-11-25 02:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 12:54 . 2012-11-04 13:37 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 12:54 . 2012-11-04 13:37 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-08 17:24 . 2012-02-06 09:23 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-02 07:35 . 2012-10-28 12:42 37704 ----a-w- c:\windows\system32\VNCpm.dll
2012-10-02 07:35 . 2012-10-28 12:39 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys
2012-10-02 07:35 . 2012-10-28 12:39 26112 ----a-w- c:\windows\system32\vncmirror.dll
2012-09-28 01:32 . 2012-09-28 01:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 01:32 . 2012-09-28 01:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-09-27 15:18 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a999000f-9e59-4d90-8abd-885f49774fca}]
2009-11-08 01:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FEF701AE-ADAA-AF7D-E1D6-F3682ED1172B}]
c:\programdata\Codecv\bhoclass.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-12-10 438584]
"World Clocks Wallpaper"="c:\program files (x86)\WorldClocksWallpaper\WorldClocksWallpaper.exe" [2006-09-18 843264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ imjp12.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 12:54]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 01:08]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 01:08]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3303524322-3365780025-869472404-1001Core1cd96b59cf1c630.job
- c:\users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 12:45]
.
2012-12-09 c:\windows\Tasks\Norton Security Scan for Ed.job
- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-06-16 09:45]
.
2011-12-11 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-12-11 02:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\NTTW\Security\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-11-18 213824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.co.jp/
mStart Page = hxxp://dynabook.fresheye.com/cgi-bin/login.cgi
mDefault_Page_URL = hxxp://dynabook.fresheye.com/cgi-bin/login.cgi
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Microsoft Excel にエクスポート(&X) - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
LSP: c:\windows\SysWOW64\ifp5lsp.dll
Trusted Zone: fresheye.com\dynabook
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: Perapera-kun: Popup Japanese and Chinese Translator: chineseperakun@gmail.com - %profile%\extensions\chineseperakun@gmail.com
FF - Ext: Chinese-English Dictionary for Perapera-kun: peraperakun-chinese@gmail.com - %profile%\extensions\peraperakun-chinese@gmail.com
FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: FaviconizeTab: faviconizetab@espion.just-size.jp - %profile%\extensions\faviconizetab@espion.just-size.jp
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
FF - Ext: Codecv: 4feecdbd4588c@4feecdbd458c5.info - %profile%\extensions\4feecdbd4588c@4feecdbd458c5.info
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Codecv: 4feecdbd4588c@4feecdbd458c5.info - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\yl0upilj.default\extensions\4feecdbd4588c@4feecdbd458c5.info
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\・O0・O0!qレ}ケ0ソ0・ネ0E*X*]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,00,29,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\・O0・O0!qレ}ケ0ソ0・ネ0E*X*]
"Order"=hex:08,00,00,00,02,00,00,00,ba,01,00,00,01,00,00,00,03,00,00,00,86,00,
00,00,00,00,00,00,78,00,00,00,41,75,67,4d,04,00,00,00,01,00,00,00,00,00,01,\
.
[HKEY_USERS\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\「0ッ0サ0オ0・\キ0ケ0ニ0・ *ト0・・]
"Order"=hex:08,00,00,00,02,00,00,00,d0,08,00,00,01,00,00,00,0b,00,00,00,fc,00,
00,00,00,00,00,00,ee,00,00,00,41,75,67,4d,04,00,00,00,01,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\・O0・O0!qレ}ケ0ソ0・ネ0E*X*]
"DisplayName"="らくらく無線スタートEX"
"UninstallString"="c:\\Program Files\\NEC\\AtermWREX\\WRUninst.exe /delete"
"DisplayIcon"="c:\\Program Files\\NEC\\AtermWREX\\WRSTEXV.exe"
"Publisher"="NEC AccessTechnica, Ltd."
"InstallLocation"="c:\\Program Files\\NEC\\AtermWREX"
"VersionMajor"=dword:00000001
"VersionMinor"=dword:0000001f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TOSHIBA\q0・a0・・V*2*.*3*\{2BF395B8-CFC7-B9D6-7458-5B37EF5A3154}]
"_BEED7CC20C4945B5BDA88A0ECEEAF790"="c:\\Users\\Administrator\\AppData\\Roaming\\Toshiba\\Palachan\\"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TOSHIBA\q0・a0・・V*2*.*3*\{A7BF0CBE-C164-2BD1-2156-F82B3B163831}]
"_50E6CF6239FF4208954FD48989B896E6"="c:\\Users\\Administrator\\AppData\\Roaming\\Toshiba\\Palachan\\Graphics\\"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TOSHIBA\q0・a0・・V*2*.*3*\{FCD56C95-9083-C412-39C4-42D1A4B1530D}]
"_F4623A61FC5A4DEF8B01A0AED7BA2CCC"="c:\\Users\\Administrator\\AppData\\Roaming\\Toshiba\\"
.
Completion time: 2012-12-22 19:25:25
ComboFix-quarantined-files.txt 2012-12-22 10:25
ComboFix2.txt 2012-12-20 13:21
ComboFix3.txt 2012-12-01 16:06
.
Pre-Run: 176,536,223,744 バイトの空き領域
Post-Run: 175,767,683,072 バイトの空き領域
.
- - End Of File - - BE0D01CEE86B4171A3F799447BE7EE8E

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:08 PM

Posted 22 December 2012 - 10:36 AM

Hi Ed,

Thanks for the additional information and letting me know you will be gone.

My computer doesn't seem to crash as much as before however it did crash once this morning as soon as I logged in (I left it in sleep mode overnight).

Let's monitor when your computer crashes. If it is always coming out of sleep or hibernation modes that is an important clue. When you say "crash", does that mean a Blue Screen, freezes, shuts down.....?

There is a stubborn registry entry we need to address so we are going to bring out the big gun! We will delete the entry you are not familiar with as well. However, I am going to have you back up your registry before we do that just in case. :)

Please do this.


===================================================


ERUNT Registry Backup

--------------------

  • Please download ERUNT (Emergency Recovery Utility for NT) and save it to your desktop
  • Double click the icon
  • Select Run
  • Click OK, then click Next 3 times until you receive the Select Additional Tasks screen
  • Uncheck Create NTREGOPT desktop icon box
  • Select Next, then Install, then No
  • Uncheck Show documentation then Finish
  • Click OK, then OK again, then Yes
  • ERUNT will now back up your registry
  • Once completed click OK

===================================================


Blitzblank

--------------------

Blitzblank is a powerful tool and care must be taken to follow the steps carefully. Please note the warning you will receive when the program is launched.

  • Download Blitzblank and save it to your Desktop <<< Important
  • Double click the icon
  • Click OK on the warning screen
  • Click the Script tab
  • Copy and paste the following inside the script window

    DelRegKey:
    HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FEF701AE-ADAA-AF7D-E1D6-F3682ED1172B}
    HKEY_USERS\S-1-5-21-3303524322-3365780025-869472404-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\「0ッ0サ0オ0・\キ0ケ0ニ0・ *ト0・・
    
  • Click Execute Now
  • Click OK on the warning window
  • Click OK on the System reboot window
  • You will see a black screen with writing on it indicating the actions being taken
  • Locate C:\blitzblank.txt and copy and paste the contents of that document in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Blitzblank log
  • Crash info

Edited by Oh My, 24 December 2012 - 02:13 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:08 PM

Posted 02 January 2013 - 10:47 AM

Greetings,

Now that the holidays are over and we are all most likely back to our normal routines I need to check to see if you are still with me.

Please do not take offense to this or see it as a threat; it is merely regrouping on my part in order to evaluate my availability to assist others who are waiting for assistance.

----------

  • Do you still need help with this?
  • If after 72 hours you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 sunnysideup

sunnysideup
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:08 PM

Posted 04 January 2013 - 11:30 PM

Hi Gary

Thanks for the message. Please don't close the thread; I will be looking into this today.


Talk to you later.

Ed

#15 sunnysideup

sunnysideup
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:08 PM

Posted 05 January 2013 - 12:59 AM

Hi Gary

I ran ERUNT as directed; however, I also ran into a few problems.

The first message I got was

unable to create file:
C:\windows\erdnt\2013-01-05\erdnt.inf

Registry backup will continue, but no restore information for the ERDNT program will be saved. This means that later restoration of the registry can only be done manually, by using another OS to copy back the files.

Then I got a series of messages saying there was an error saving the following files

C:\windows\erdnt\2013-01-05\security
C:\windows\erdnt\2013-01-05\software
C:\windows\erdnt\2013-01-05\system
C:\windows\erdnt\2013-01-05\default
C:\windows\erdnt\2013-01-05\sam
C:\windows\erdnt\2013-01-05\components
C:\windows\erdnt\2013-01-05\bcd
C:\windows\erdnt\2013-01-05\users\00000001\ntuser.dat
C:\windows\erdnt\2013-01-05\users\00000002\usrclass.dat

Each message reported that access to RegCreateKeyEx: 5 was denied.

I decided that it would be better to check with you about this before running Blitzblank

Awaiting further instruction

Ed
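Both the back-up-then-delete sequence Gary laid out (ERUNT, then the Blitzblank DelRegKey script) and the "RegCreateKeyEx: 5" error Ed reports come down to the same point: registry hive writes need an elevated session, and error 5 is ERROR_ACCESS_DENIED. The following PowerShell script is an added example, not a tool from this thread or from ERUNT/Blitzblank; it refuses to run unless elevated, exports each target key to a .reg file with reg.exe before removing it, and stops if the export fails. The key paths in $Targets are placeholders, and only the HKLM and HKCU hives are handled (the only ones PowerShell exposes as drives by default).

```powershell
# Added example (not from this thread): back up registry keys, then delete them.
# Error 5 from RegCreateKeyEx is ERROR_ACCESS_DENIED, the condition ERUNT hit
# when it could not write under C:\windows\erdnt. Key paths are PLACEHOLDERS.
$ErrorActionPreference = 'Stop'

$Targets = @(
    'HKLM\SOFTWARE\PLACEHOLDER_VENDOR\PLACEHOLDER_KEY',
    'HKCU\Software\PLACEHOLDER_VENDOR\PLACEHOLDER_KEY'
)
$BackupDir = Join-Path $env:SystemDrive ('RegBackup-' + (Get-Date -Format 'yyyy-MM-dd_HHmmss'))

function Test-Elevated {
    # True when the current token carries the built-in Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-Elevated)) {
    throw 'Run this from an elevated PowerShell session; hive writes fail with error 5 (ERROR_ACCESS_DENIED) otherwise.'
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($key in $Targets) {
    # reg.exe uses HKLM\..., the PowerShell registry provider uses HKLM:\...
    $psPath = $key -replace '^(HKLM|HKCU)\\', '${1}:\'
    if ($psPath -eq $key) { throw "Unsupported hive in '$key'; only HKLM and HKCU are handled here." }

    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Host "Not present, skipping: $key"
        continue
    }

    # Export the key first; restore later with: reg import <file>
    $safeName = $key -replace '[\\:{}]', '_'
    $regFile  = Join-Path $BackupDir "$safeName.reg"
    & reg.exe export $key $regFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "reg export failed for '$key' (exit $LASTEXITCODE); nothing was deleted."
    }

    Remove-Item -LiteralPath $psPath -Recurse -Force
    Write-Host "Backed up to $regFile and removed: $key"
}

Write-Host "Backups written to $BackupDir"
```

Unlike the Blitzblank approach, this runs in the live system rather than at boot, so a key held open by a running process or protected by a restrictive ACL (such as the @Denied entries in the ComboFix log above) can still fail on Remove-Item; in that case the exported .reg file is already on disk and nothing has changed.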



