Win32/DownloadAdmin.G, Crossrider, Conduit


21 replies to this topic

#1 hereandnow


Posted 10 April 2013 - 10:38 PM

 
 
I seem to have picked up a persistent bug. While I know better, I have run several anti-malware programs, although not ComboFix. CCE or SUPERAntiSpyware found and removed scap.dll (in Downloads), Trojan.Agent/Gen-StartPage, a few days ago, in addition to the bugs listed in the heading. I am attaching the result of your DDS program and pasting the text file below. I am also abashedly pasting the log results of my many solo attempts to remove these intruders, in case the information may be of any use.
 
Thank you for your help and patience.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.17.2
Run by E at 20:08:37 on 2013-04-10
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3932.924 [GMT -4:00]
.
AV: Panda Antivirus Pro 2013 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\WebProxy.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrlS.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\AVENGINE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Wise\Wise Care 365\WiseBootBooster.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files (x86)\AnVir Task Manager Free\anvir.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\tinySpell\tinyspell.exe
C:\Users\E\Local Settings\Apps\F.lux\flux.exe
C:\Users\E\AppData\Roaming\cubby\cubby.exe
C:\Users\E\AppData\Local\Apps\2.0\W7TAYZR2.X1X\20XVAJ6Z.RWK\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\S10 Password Vault\S10PasswordVault.exe
C:\Program Files (x86)\Keybreeze4\Keybreeze.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\ApVxdWin.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\System32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Users\E\Desktop\Kit\cce_2.5.242177.201_x64\CCE\KillSwitch.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Password Corral v4.0\password4.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [tinySpell] C:\Program Files (x86)\tinySpell\tinyspell.exe
uRun: [F.lux] "C:\Users\E\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [LogMeIn Cubby] "C:\Users\E\AppData\Roaming\cubby\cubby.exe" -hidden
uRun: [Wunderlist] "C:\Users\E\AppData\Local\Apps\2.0\W7TAYZR2.X1X\20XVAJ6Z.RWK\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe" /silent
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [Keybreeze4] "C:\Program Files (x86)\Keybreeze4\Keybreeze.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Browser.ahk
StartupFolder: C:\Users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Clean.ahk
StartupFolder: C:\Users\E\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\E\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~2.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
StartupFolder: C:\Users\E\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\S10PAS~1.LNK - C:\Program Files (x86)\S10 Password Vault\S10PasswordVault.exe
StartupFolder: C:\Users\E\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Staxofax.lnk - C:\Program Files (x86)\Staxofax\Staxofax.exe
StartupFolder: C:\Users\E\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: S10 Autologin - C:\Program Files (x86)\S10 Password Vault\AutologinIE.htm
IE: S10 Autotype... - C:\Program Files (x86)\S10 Password Vault\AutotypeIE.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
TCP: NameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{606C43AE-41B4-4C11-9900-90A47BE93064} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{9AA56B55-CB12-4A45-A532-D90ED60E7FF8} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CC1794FF-260C-4EE4-9708-0082722F7BE1} : DHCPNameServer = 192.168.1.1 71.252.0.12
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe" /LaunchType=Auto /LaunchApps=Common
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Notify: avldr - avldr64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-IFEO: taskmgr.exe - C:\Users\E\Desktop\Kit\cce_2.5.242177.201_x64\CCE\KillSwitch.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-12 10:03; afurladvisor@anchorfree.com; C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: 2013-02-28 11:40; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-03-02 13:27; jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack; C:\Users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
FF - ExtSQL: 2013-03-02 13:35; {7CA9CF31-1C73-46CD-8377-85AB71EA771F}; C:\Users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi
FF - ExtSQL: 2013-03-02 13:36; {ea61041c-1e22-4400-99a0-aea461e69d04}; C:\Users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi
FF - ExtSQL: 2013-03-02 13:36; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; C:\Users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-03-02 13:37; donottrackplus@abine.com; C:\Users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-03-16 03:39; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-04-05 14:51; amznUWL2@amazon.com; C:\Users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\amznUWL2@amazon.com.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;Panda Boot Driver;C:\Windows\System32\drivers\pavboot64.sys [2013-3-6 30792]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-1-5 17720]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2008-8-20 504912]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-3-7 30752]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-4-2 46280]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-2-20 465216]
R2 AmFSM;AmFSM;C:\Windows\System32\drivers\amm6460.sys [2013-4-8 71432]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-4-3 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-4-17 40960]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2012-7-18 310232]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-4-7 109352]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-4-5 566568]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-4-5 390952]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-11-29 821592]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-3-7 1028464]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-22 828072]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-30 230416]
R2 Panda Software Controller;Panda Software Controller;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrlS.exe [2013-4-8 177440]
R2 PAVFNSVR;Panda Function Service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe [2013-4-8 202016]
R2 PAVSRV;Panda On-Access Anti-Malware Service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe [2013-4-8 313664]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-3-7 82160]
R2 PskSvcRetail;Panda PSK service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\psksvc.exe [2013-4-8 28992]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2008-3-25 294400]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys [2013-1-20 21384]
R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETwNv64.sys [2013-1-13 7653888]
R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [1999-12-31 62040]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2007-4-9 9728]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\RegFilter.sys [2013-1-20 33224]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-10 42184]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-20 54136]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\UrlFilter.sys [2013-1-20 21904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2012-3-27 389920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2013-3-30 580648]
S3 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-1-24 2074256]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
S3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\System32\drivers\NETw5v64.sys [2008-4-28 4730368]
S3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [1999-12-31 51800]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-1-12 15712]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-11-29 89920]
S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2008-8-20 248320]
S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2008-8-20 237568]
S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
SUnknown qeormv;qeormv; [x]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
FileExt: .vbs: VBSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
FileExt: .js: JSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
FileExt: .jse: JSEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
FileExt: .wsf: WSFFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-04-10 03:54:25 386 ----a-w- C:\Windows\DeleteOnReboot.bat
2013-04-09 22:34:58 163644 ----a-w- C:\Windows\SysWow64\drivers\SECDRV.SYS
2013-04-09 18:02:48 72702784 ----a-w- C:\Windows\System32\mrt.exe
2013-04-08 10:18:20 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-04-03 00:54:24 46280 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2013-03-31 18:00:11 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2013-03-16 07:36:58 201872 ----a-w- C:\Windows\SysWow64\rmoc3260.dll
2013-03-16 07:36:14 6656 ----a-w- C:\Windows\SysWow64\pndx5016.dll
2013-03-16 07:36:14 5632 ----a-w- C:\Windows\SysWow64\pndx5032.dll
2013-03-16 07:36:04 272896 ----a-w- C:\Windows\SysWow64\pncrt.dll
2013-03-12 21:33:58 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 21:33:58 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-12 05:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-11 13:33:42 4691304 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-09 04:16:35 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-09 01:48:36 75264 ----a-w- C:\Windows\System32\smss.exe
2013-03-08 04:18:52 451072 ----a-w- C:\Windows\System32\winsrv.dll
2013-03-08 04:17:12 2425344 ----a-w- C:\Windows\System32\mstscax.dll
2013-03-08 03:52:22 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-03-07 08:06:35 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2013-03-07 05:12:01 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2013-03-06 22:32:22 287840 ----a-w- C:\Windows\System32\aswBoot.exe
2013-03-06 15:08:15 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-03-06 15:08:12 310688 ----a-w- C:\Windows\System32\javaws.exe
2013-03-06 15:08:12 188832 ----a-w- C:\Windows\System32\javaw.exe
2013-03-06 15:08:11 188320 ----a-w- C:\Windows\System32\java.exe
2013-03-06 15:08:11 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-03-06 15:08:10 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-03-06 06:11:25 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 06:11:21 262560 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-03-06 06:11:21 174496 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-03-06 06:11:21 174496 ----a-w- C:\Windows\SysWow64\java.exe
2013-03-06 06:11:15 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-06 06:03:42 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-05 01:57:37 2774016 ----a-w- C:\Windows\System32\win32k.sys
2013-03-03 19:13:14 1513320 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-03 01:10:21 216576 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2013-02-27 20:33:29 378 ----a-w- C:\Users\E\advanced_ip_scanner_MAC.bin
2013-02-26 05:01:44 74017 ----a-w- C:\ProgramData\1361854799.bdinstall.bin
2013-02-26 04:59:59 22636 ----a-w- C:\ProgramData\1361854796.bdinstall.bin
2013-02-26 01:36:57 135202 ----a-w- C:\ProgramData\1361842582.bdinstall.bin
2013-02-26 01:26:02 23747 ----a-w- C:\ProgramData\1361831987.8496.bin
2013-02-25 22:40:38 7476 ----a-w- C:\ProgramData\1361831987.10372.bin
2013-02-25 22:40:36 1827 ----a-w- C:\ProgramData\1361831987.7348.bin
2013-02-25 22:40:36 1204 ----a-w- C:\ProgramData\1361831987.11380.bin
2013-02-25 22:39:45 22420 ----a-w- C:\ProgramData\1361831975.bdinstall.bin
2013-02-22 06:57:13 17817088 ----a-w- C:\Windows\System32\mshtml.dll
2013-02-22 06:29:21 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:21:13 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:18:42 237056 ----a-w- C:\Windows\System32\url.dll
2013-02-22 06:17:23 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:15:22 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-02-22 06:14:22 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-02-22 06:13:40 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-02-22 06:13:02 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 06:09:21 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-02-22 04:05:50 12324352 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-02-22 03:47:17 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:39 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:36:35 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-02-22 03:35:31 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-02-22 03:34:18 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:33:11 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-02-22 03:32:05 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-02-22 03:31:55 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-22 03:28:48 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-02-19 06:16:41 160527 ----a-w- C:\ProgramData\1361252390.bdinstall.bin
2013-02-19 05:22:07 24952 ----a-w- C:\ProgramData\1361251219.10016.bin
2013-02-19 05:20:44 2040 ----a-w- C:\ProgramData\1361251219.8828.bin
2013-02-19 05:15:43 28270 ----a-w- C:\ProgramData\1361250897.bdinstall.bin
2013-02-19 04:54:16 15578 ----a-w- C:\ProgramData\1361249650.7936.bin
2013-02-19 04:33:22 15578 ----a-w- C:\ProgramData\1361248397.4900.bin
2013-02-19 04:29:18 15578 ----a-w- C:\ProgramData\1361248152.8648.bin
2013-02-12 02:18:19 19456 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-01-28 05:12:52 56072 ----a-w- C:\Windows\System32\certsentry.dll
2013-01-28 05:12:52 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-01-15 23:49:08 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-11-30 01:31:04 38608 ----a-w- C:\Program Files (x86)\rndlresolversvc.exe
.
============= FINISH: 20:10:45.81 ===============
MiniToolBox by Farbar  Version:05-03-2013
Ran by E (administrator) on 09-04-2013 at 23:36:12
Running from "C:\Users\E\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-09 17:52:37
-----------------------------
17:52:37.489    OS Version: Windows x64 6.0.6002 Service Pack 2
17:52:37.489    Number of processors: 2 586 0x170A
17:52:37.489    ComputerName: E-PC  UserName: E
17:52:39.304    Initialize success
17:54:25.616    AVAST engine defs: 13040901
18:14:50.219    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:14:50.221    Disk 0 Vendor: TOSHIBA_ FG01 Size: 305245MB BusType: 3
18:14:50.324    Disk 0 MBR read successfully
18:14:50.327    Disk 0 MBR scan
18:14:50.332    Disk 0 Windows VISTA default MBR code
18:14:50.339    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
18:14:50.356    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       295427 MB offset 3074048
18:14:50.385    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         8317 MB offset 608108544
18:14:50.526    Disk 0 scanning C:\Windows\system32\drivers
18:15:03.285    Service scanning
18:15:43.535    Modules scanning
18:15:43.535    Disk 0 trace - called modules:
18:15:43.566    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll 
18:15:43.566    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005962060]
18:15:43.566    3 CLASSPNP.SYS[fffffa6000fd2c33] -> nt!IofCallDriver -> [0xfffffa8004b89890]
18:15:43.566    5 acpi.sys[fffffa60008e3fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800537d050]
18:15:45.370    AVAST engine scan C:\Windows
18:15:48.259    AVAST engine scan C:\Windows\system32
18:19:11.315    AVAST engine scan C:\Windows\system32\drivers
18:19:25.183    AVAST engine scan C:\Users\E
18:24:52.190    AVAST engine scan C:\ProgramData
18:28:11.935    Scan finished successfully
18:36:41.017    Disk 0 MBR has been saved successfully to "C:\Users\E\Desktop\Kit\LOGS\MBR.dat"
18:36:41.027    The log file has been saved successfully to "C:\Users\E\Desktop\Kit\LOGS\aswMBR-log.txt"
 
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
Hosts file not detected in the default directory
========================= IP Configuration: ================================
 
Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : E-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home
 
Ethernet adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-60-6C-43-AE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-22-FA-DD-E7-D0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f157:41b1:a2af:ab83%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, April 09, 2013 11:08:32 PM
   Lease Expires . . . . . . . . . . : Wednesday, April 10, 2013 11:08:32 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 285221626
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-47-3A-F6-00-23-8B-C7-F2-69
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       71.252.0.12
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : 00-23-8B-C7-F2-69
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{9AA56B55-CB12-4A45-A532-D90ED60E7FF8}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 7:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.home
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4004:801::100e
 74.125.228.35
 74.125.228.46
 74.125.228.34
 74.125.228.32
 74.125.228.38
 74.125.228.33
 74.125.228.36
 74.125.228.37
 74.125.228.41
 74.125.228.40
 74.125.228.39
 
Pinging google.com [74.125.228.67] with 32 bytes of data:
Reply from 74.125.228.67: bytes=32 time=14ms TTL=252
Reply from 74.125.228.67: bytes=32 time=14ms TTL=252
Ping statistics for 74.125.228.67:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 14ms, Maximum = 14ms, Average = 14ms
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=719ms TTL=50
Reply from 98.139.183.24: bytes=32 time=847ms TTL=50
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 719ms, Maximum = 847ms, Average = 783ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=1ms TTL=64
Reply from 127.0.0.1: bytes=32 time=1ms TTL=64
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
===========================================================================
Interface List
 15 ...00 ff 60 6c 43 ae ...... Anchorfree HSS VPN Adapter
 11 ...00 22 fa dd e7 d0 ...... Intel® WiFi Link 5100 AGN
 10 ...00 23 8b c7 f2 69 ...... Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller
  1 ........................... Software Loopback Interface 1
 13 ...00 00 00 00 00 00 00 e0  isatap.{9AA56B55-CB12-4A45-A532-D90ED60E7FF8}
 14 ...00 00 00 00 00 00 00 e0  isatap.home
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    281
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::f157:41b1:a2af:ab83/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/09/2013 11:30:34 PM) (Source: Perflib) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8
 
Error: (04/09/2013 11:30:33 PM) (Source: Perflib) (User: )
Description: PolicyAgent
 
Error: (04/09/2013 11:30:33 PM) (Source: Perflib) (User: )
Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent8
 
Error: (04/09/2013 11:30:33 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8
 
Error: (04/09/2013 11:30:31 PM) (Source: Perflib) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8
 
Error: (04/09/2013 11:30:29 PM) (Source: Perflib) (User: )
Description: LsaC:\Windows\system32\Secur32.dll8
 
Error: (04/09/2013 11:30:29 PM) (Source: Perflib) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll8
 
Error: (04/09/2013 11:30:29 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8
 
Error: (04/09/2013 11:30:28 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll8
 
Error: (04/09/2013 11:29:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/09/2013 11:09:21 PM) (Source: Service Control Manager) (User: )
Description: ZoneAlarm LTD Toolbar IswSvc450001Restart the service
 
Error: (04/09/2013 11:09:05 PM) (Source: Service Control Manager) (User: )
Description: ZoneAlarm LTD Toolbar IswSvc350001Restart the service
 
Error: (04/09/2013 11:08:53 PM) (Source: Service Control Manager) (User: )
Description: ZoneAlarm LTD Toolbar IswSvc250001Restart the service
 
Error: (04/09/2013 11:08:41 PM) (Source: Service Control Manager) (User: )
Description: ZoneAlarm LTD Toolbar IswSvc150001Restart the service
 
Error: (04/09/2013 11:08:06 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:06:35 PM on 4/9/2013 was unexpected.
 
Error: (04/09/2013 11:03:22 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (04/09/2013 10:45:02 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/09/2013 10:11:24 PM) (Source: Service Control Manager) (User: )
Description: cdrom
ElRawDisk
pavboot
spldr
Wanarpv6
 
Error: (04/09/2013 10:11:24 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068
 
Error: (04/09/2013 10:11:00 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
 
Microsoft Office Sessions:
=========================
Error: (04/09/2013 11:30:34 PM) (Source: Perflib)(User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8
 
Error: (04/09/2013 11:30:33 PM) (Source: Perflib)(User: )
Description: PolicyAgent
 
Error: (04/09/2013 11:30:33 PM) (Source: Perflib)(User: )
Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent8
 
Error: (04/09/2013 11:30:33 PM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8
 
Error: (04/09/2013 11:30:31 PM) (Source: Perflib)(User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8
 
Error: (04/09/2013 11:30:29 PM) (Source: Perflib)(User: )
Description: LsaC:\Windows\system32\Secur32.dll8
 
Error: (04/09/2013 11:30:29 PM) (Source: Perflib)(User: )
Description: ESENTC:\Windows\system32\esentprf.dll8
 
Error: (04/09/2013 11:30:29 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8
 
Error: (04/09/2013 11:30:28 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\system32\bitsperf.dll8
 
Error: (04/09/2013 11:29:27 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-08 06:42:58.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pavboot64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-08 06:42:57.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pavboot64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-08 06:42:57.759
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pavboot64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-08 06:42:57.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pavboot64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-08 00:26:10.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\E\AppData\Local\Temp\tmp166D.tmp because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-08 00:26:10.576
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\E\AppData\Local\Temp\tmp166D.tmp because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-08 00:26:10.467
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\E\AppData\Local\Temp\tmp166D.tmp because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-08 00:26:10.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\E\AppData\Local\Temp\tmp166D.tmp because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-08 00:05:28.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\E\AppData\Local\Temp\{E4EA2CC6-273F-438A-864E-7233B661B5F5}\{E55FB276-73C9-4776-AB53-BC028C0509ED}\pavboot64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-08 00:05:27.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\E\AppData\Local\Temp\{E4EA2CC6-273F-438A-864E-7233B661B5F5}\{E55FB276-73C9-4776-AB53-BC028C0509ED}\pavboot64.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Apple Mobile Device Support (Version: 6.1.0.13)
Bluetooth Stack for Windows by Toshiba (Version: v6.10.07(T))
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.00)
Cubby (Version: 1.0.0.12131)
EMCO MoveOnBoot 2.3 (Version: 2.3.2.3498)
F.lux
FileMenu Tools
FreeSocialTV
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.73.00)
HitmanPro 3.7 (Version: 3.7.3.193)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software (Version: 12.00.0004)
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Nitro Reader 3 (Version: 3.0.6.3)
O2Micro Flash Memory Card Reader Driver (x64) (Version: 3.25)
Send To Toys v2.7
SUPERAntiSpyware (Version: 5.6.1014)
Synaptics Pointing Device Driver (Version: 10.1.7.0)
TOSHIBA Disc Creator (Version: 2.0.1.3 for x64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 2.0.2.64)
TOSHIBA Hardware Setup (Version: 3.00.01.00)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.2 for x64)
TOSHIBA Supervisor Password (Version: 3.00.01.00)
TOSHIBA Value Added Package (Version: 1.1.19.64)
Windows Driver Package - Intel (NETwLv64) net  (08/15/2010 13.3.0.137) (Version: 08/15/2010 13.3.0.137)
Windows Driver Package - Intel (NETwNv64) net  (07/14/2010 13.3.0.24) (Version: 07/14/2010 13.3.0.24)
Wunderlist (Version: 2.0.6.12)
ZoneAlarm LTD Toolbar
 
========================= Devices: ================================
 
Name: isatap.{9AA56B55-CB12-4A45-A532-D90ED60E7FF8}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: isatap.home
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
 
Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL
 
Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI
 
Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi
 
Name: PCI bus
Description: PCI bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
 
Name: Mobile Intel® 4 Series Chipset Processor to DRAM Controller - 2A40
Description: Mobile Intel® 4 Series Chipset Processor to DRAM Controller - 2A40
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: 
 
Name: Mobile Intel® 4 Series Express Chipset Family
Description: Mobile Intel® 4 Series Express Chipset Family
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
 
Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor
 
Name: Mobile Intel® 4 Series Express Chipset Family
Description: Mobile Intel® 4 Series Express Chipset Family
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2937
Description: Intel® ICH9 Family USB Universal Host Controller - 2937
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2938
Description: Intel® ICH9 Family USB Universal Host Controller - 2938
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2939
Description: Intel® ICH9 Family USB Universal Host Controller - 2939
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C
Description: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
 
Name: Conexant High Definition SmartAudio 221
Description: Conexant High Definition SmartAudio 221
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Conexant
Service: CnxtHdAudService
 
Name: HDAUDIO Soft Data Fax Modem with SmartCP
Description: HDAUDIO Soft Data Fax Modem with SmartCP
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: CXT
Service: Modem
 
Name: Intel® ICH9 Family PCI Express Root Port 1 - 2940
Description: Intel® ICH9 Family PCI Express Root Port 1 - 2940
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
 
Name: Intel® ICH9 Family PCI Express Root Port 5 - 2948
Description: Intel® ICH9 Family PCI Express Root Port 5 - 2948
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
 
Name: Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller
Description: Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonx64
 
Name: Intel® ICH9 Family PCI Express Root Port 6 - 294A
Description: Intel® ICH9 Family PCI Express Root Port 6 - 294A
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
 
Name: Intel® WiFi Link 5100 AGN
Description: Intel® WiFi Link 5100 AGN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNv64
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2934
Description: Intel® ICH9 Family USB Universal Host Controller - 2934
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2935
Description: Intel® ICH9 Family USB Universal Host Controller - 2935
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2936
Description: Intel® ICH9 Family USB Universal Host Controller - 2936
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: Intel® ICH9 Family USB2 Enhanced Host Controller - 293A
Description: Intel® ICH9 Family USB2 Enhanced Host Controller - 293A
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
 
Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
 
Name: Chicony USB 2.0 Camera
Description: Chicony USB 2.0 Camera
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Chicony
Service: usbvideo
 
Name: Intel® 82801 PCI Bridge - 2448
Description: Intel® 82801 PCI Bridge - 2448
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci
 
Name: OHCI Compliant IEEE 1394 Host Controller
Description: OHCI Compliant IEEE 1394 Host Controller
Class Guid: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Manufacturer: IEEE 1394 OHCI Compliant Host Controller Vendor
Service: ohci1394
 
Name: SDA Standard Compliant SD Host Controller
Description: SDA Standard Compliant SD Host Controller
Class Guid: {a0a588a4-c46f-4b37-b7ea-c82fe89870c6}
Manufacturer: SDA Standard Compliant SD Host Controller Vendor
Service: sdbus
 
Name: O2Micro Integrated MS/MSPRO/xD Controller
Description: O2Micro Integrated MS/MSPRO/xD Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: O2Micro
Service: O2MDRDR
 
Name: Intel® ICH9M LPC Interface Controller - 2919
Description: Intel® ICH9M LPC Interface Controller - 2919
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: msisadrv
 
Name: Microsoft ACPI-Compliant Embedded Controller
Description: Microsoft ACPI-Compliant Embedded Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Direct Application Launch Button
Description: Direct Application Launch Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Direct Application Launch Button
Description: Direct Application Launch Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
 
Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
 
Name: Intel® ICH9M-E/M SATA AHCI Controller
Description: Intel® ICH9M-E/M SATA AHCI Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: iaStor
 
Name: TOSHIBA MK3255GSX
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
 
Name: TSSTcorp CDDVDW TS-L633P
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: Intel® ICH9 Family SMBus Controller - 2930
Description: Intel® ICH9 Family SMBus Controller - 2930
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: 
 
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Intel® Core™2 Duo CPU     T6400  @ 2.00GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
 
Name: Intel® Core™2 Duo CPU     T6400  @ 2.00GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
 
Name: Microsoft AC Adapter
Description: Microsoft AC Adapter
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt
 
Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt
 
Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Description: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: TVALZ
 
Name: ACPI Lid
Description: ACPI Lid
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
 
Name: Microsoft Composite Battery
Description: Microsoft Composite Battery
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Compbatt
 
Name: Microsoft iSCSI Initiator
Description: Microsoft iSCSI Initiator
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: iScsiPrt
 
Name: Ancilliary Function Driver for Winsock
Description: Ancilliary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AFD
 
Name: IDE Channel
Description: IDE Channel
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: atapi
 
Name: Common Log (CLFS)
Description: Common Log (CLFS)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: CLFS
 
Name: Crcdisk Filter Driver
Description: Crcdisk Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: crcdisk
 
Name: LDDM Graphics Subsystem
Description: LDDM Graphics Subsystem
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: DXGKrnl
 
Name: ElRawDisk
Description: ElRawDisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ElRawDisk
 
Name: HitmanPro 3.7 Support Driver
Description: HitmanPro 3.7 Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: hitmanpro37
 
Name: Hotspot Shield Routing Driver 6
Description: Hotspot Shield Routing Driver 6
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HssDRV6
 
Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HTTP
 
Name: ZoneAlarm LTD Toolbar ISWKL
Description: ZoneAlarm LTD Toolbar ISWKL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ISWKL
 
Name: KSecDD
Description: KSecDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: KSecDD
 
Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: lltdio
 
Name: Mount Point Manager
Description: Mount Point Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MountMgr
 
Name: Windows Firewall Authorization Driver
Description: Windows Firewall Authorization Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mpsdrv
 
Name: msahci
Description: msahci
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: msahci
 
Name: ISA/EISA Class Driver
Description: ISA/EISA Class Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: msisadrv
 
Name: NativeWiFi Filter
Description: NativeWiFi Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NativeWifiP
 
Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NDIS
 
Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Ndisuio
 
Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NDProxy
 
Name: NETBT
Description: NETBT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: netbt
 
Name: NSI proxy service
Description: NSI proxy service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: nsiproxy
 
Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Null
 
Name: PavTPK.sys
Description: PavTPK.sys
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: PavTPK.sys
 
Name: pciide
Description: pciide
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: pciide
 
Name: PEAUTH
Description: PEAUTH
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: PEAUTH
 
Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: PSched
 
Name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: RasAcd
 
Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: RDPCDD
 
Name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: RDPENCDD
 
Name: RegFilter
Description: RegFilter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: RegFilter
 
Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: rspndr
 
Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: secdrv
 
Name: SmartDefragDriver
Description: SmartDefragDriver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SmartDefragDriver
 
Name: Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
Description: Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Smb
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
 
Name: SWDUMon
Description: SWDUMon
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SWDUMon
 
Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Tcpip
 
Name: TCP/IP Registry Compatibility
Description: TCP/IP Registry Compatibility
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: tcpipreg
 
Name: NetIO Legacy TDI Support Driver
Description: NetIO Legacy TDI Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: tdx
 
Name: UrlFilter
Description: UrlFilter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: UrlFilter
 
Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VgaSave
 
Name: Dynamic Volume Manager
Description: Dynamic Volume Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: volmgrx
 
Name: Storage volumes
Description: Storage volumes
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: volsnap
 
Name: Zone Alarm Firewall Driver
Description: Zone Alarm Firewall Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Vsdatant
 
Name: Remote Access IPv6 ARP Driver
Description: Remote Access IPv6 ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Wanarpv6
 
Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Wdf01000
 
Name: User Mode Driver Frameworks Platform Driver
Description: User Mode Driver Frameworks Platform Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: WudfPf
 
Name: XAudio
Description: XAudio
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: XAudio
 
Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
 
Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
 
Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
 
Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
 
Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
 
Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
 
Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
 
Name: Anchorfree HSS VPN Adapter
Description: Anchorfree HSS VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Anchorfree HSS VPN Adapter
Service: taphss6
 
Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD
 
Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD
 
Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum
 
Name: Generic IO & Memory Access
Description: Generic IO & Memory Access
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: QIOMem
 
Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios
 
Name: TOSHIBA tos_sps64 Driver
Description: TOSHIBA tos_sps64 Driver
Class Guid: {8bbd94a0-a150-11d4-a878-0040265b73ee}
Manufacturer: TOSHIBA Corp.
Service: tos_sps64
 
Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
 
Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
 
Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: volmgr
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 46%
Total physical RAM: 3931.93 MB
Available physical RAM: 2119.01 MB
Total Pagefile: 8057.13 MB
Available Pagefile: 5636.91 MB
Total Virtual: 4095.88 MB
Available Virtual: 3989.38 MB
 
========================= Partitions: =====================================
 
1 Drive c: (SQ004828V03) (Fixed) (Total:288.5 GB) (Free:185.42 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\E-PC
 
Administrator            E                        fbwuser                  
Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****
 
# AdwCleaner v2.200 - Logfile created 04/09/2013 at 23:53:54
# Updated 02/04/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : E - E-PC
# Boot Mode : Normal
# Running from : C:\Users\E\Desktop\Kit\AdwCleaner(1).exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Deleted on reboot : C:\ProgramData\Ask
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211091100}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211091100}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0020900.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0020900.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0020900.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0020900.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440244094400}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211091100}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211091100}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220222092200}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211091100}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211091100}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211091100}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255095500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266096600}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v20.0 (en-US)
 
-\\ Google Chrome v26.0.1410.43
 
*************************
 
AdwCleaner[R1].txt - [4175 octets] - [03/02/2013 14:44:46]
AdwCleaner[S1].txt - [3938 octets] - [03/02/2013 14:45:21]
AdwCleaner[S2].txt - [4229 octets] - [09/04/2013 23:53:54]
 
########## EOF - C:\AdwCleaner[S2].txt - [4289 octets] ##########
 
C:\Program Files (x86)\FreeSocialTV\Uninstall\Uninstall.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Program Files (x86)\Ghostery IE\Ghostery IE.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Ghostery IE\Uninstall.exe multiple threats cleaned by deleting - quarantined
C:\Users\E\Desktop\IOBIT\unlocker-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\E\Desktop\Kit\cbsidlm-cbsi5_3_0_93-XP_TCPIP_Repair-ORG-10410929.exe a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Users\E\Desktop\Kit\cbsidlm-tr1_10a-LSPFix-ORG-10417026.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Desktop\Kit\Conn\cbsidlm-tr1_10a-LSPFix-ORG-10417026.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Desktop\Kit\HOLDING\driver_fusion_1.2.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\E\Desktop\Kit\Utilities\driver_fusion_1.2.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\E\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\E\Documents\Financial\cbsidlm-cbsi5_3_0_93-Debt_Reduction_Calculator_for_Excel-BP-10770226.exe a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-cbsi5_3_0_93-Debt_Reduction_Calculator_for_Excel-BP-10770226.exe a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-cbsi5_3_0_93-XP_TCPIP_Repair-ORG-10410929.exe a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-cbsi5_3_0_96-Cool_Timer-ORG-10062255.exe probably a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_10a-ActivePresenter-ORG-10915335.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_10a-BatteryCare-ORG-10964408.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_10a-FileMenu_Tools-SEO-10810545.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_10a-ieSpell-ORG-10208550.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_10a-LSPFix-ORG-10417026.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_10a-Privatefirewall-ORG-10371057.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_10a-Send_To_Toys-ORG-10072522.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_10a-Stayfocused-ORG-75332062.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_10a-Talking_Time_Keeper-BP-10223297.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_10a-Universal_Extractor-ORG-75449770.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_11-EMCO_MoveOnBoot-ORG-10397293.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_11-EMCO_UnLock_IT-SEO-10427650.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_11-Free_Sound_Recorder-ORG-10698910.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_11-Talking_Time_Keeper-ORG-10223297.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_11-Unlocker-SEO-10493998.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_12-VScheduler-SEO-10005045.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tra1-Web_Page_Maker-ORG-10213459.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\driver_fusion_1.2.0 - Copy.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\E\Downloads\driver_fusion_1.2.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\E\Downloads\FileMenuTools-setup.exe Win32/InstallMonetizer.AF application cleaned by deleting - quarantined
C:\Users\E\Downloads\Unlocker1.9.1.exe multiple threats cleaned by deleting - quarantined
C:\Users\E\Downloads\SetupBatteryCarezip\SetupBatteryCare.exe Win32/OpenCandy application cleaned by deleting - quarantined
 
 
-\\ Mozilla Firefox v20.0 (en-US)
 
-\\ Google Chrome v26.0.1410.43
 
*************************
 
AdwCleaner[R1].txt - [4175 octets] - [03/02/2013 14:44:46]
AdwCleaner[S1].txt - [3938 octets] - [03/02/2013 14:45:21]
AdwCleaner[S2].txt - [4229 octets] - [09/04/2013 23:53:54]
 
########## EOF - C:\AdwCleaner[S2].txt - [4289 octets] ##########
C:\Users\E\Downloads\cbsidlm-tr1_12-7_Sticky_Notes-ORG-75375596(1).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_12-7_Sticky_Notes-ORG-75375596.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_12-Staxofax_Lite-ORG-75449468.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\E\Downloads\cbsidlm-tr1_12-TechPro_Utilities_Collection-ORG-10297544.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined



 


#2 hereandnow


Posted 10 April 2013 - 11:38 PM

It looks like my DDS attachment did not come through. If so, here is another attempt.

 

 

Thanks!

Attached Files



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 PM

Posted 11 April 2013 - 07:56 AM


Hello hereandnow

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then click on the "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
  • Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 hereandnow


Posted 12 April 2013 - 01:13 AM

Here are the log results of those three scans:

 

 

 Results of screen317's Security Check version 0.99.62  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Panda Antivirus Pro 2013   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Panda Cloud Cleaner   
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (20.0) 
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe 
 Panda Security Panda Antivirus Pro 2013 PskSvc.exe  
 Panda Security Panda Antivirus Pro 2013 TPSrvWow.exe  
 PANDA SECURITY PANDA ANTIVIRUS PRO 2013 WebProxy.exe  
 Panda Security Panda Antivirus Pro 2013 PsCtrlS.exe  
 Panda Security Panda Antivirus Pro 2013 PavFnSvr.exe  
 Panda Security Panda Antivirus Pro 2013 pavsrvx86.exe  
 Panda Security Panda Antivirus Pro 2013 AVENGINE.EXE  
 Panda Security Panda Antivirus Pro 2013 PsImSvc.exe  
 Panda Security Panda Antivirus Pro 2013 ApVxdWin.exe  
 IObit IObit Malware Fighter IMFsrv.exe  
 IObit IObit Malware Fighter IMF.exe  
 Windows Defender MSASCui.exe   
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm zatray.exe  
 Trend Micro RUBotted RUBotSrv.exe  
 Trend Micro RUBotted RUBottedGUI.exe  
 iolo Common Lib ioloServiceManager.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

# AdwCleaner v2.200 - Logfile created 04/12/2013 at 00:47:00
# Updated 02/04/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : E - E-PC
# Boot Mode : Normal
# Running from : C:\Users\E\Desktop\adwcleaner(2).exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Deleted on reboot : C:\ProgramData\Ask
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v20.0 (en-US)
 
-\\ Google Chrome v26.0.1410.64
 
*************************
 
AdwCleaner[R1].txt - [4175 octets] - [03/02/2013 14:44:46]
AdwCleaner[S1].txt - [3938 octets] - [03/02/2013 14:45:21]
AdwCleaner[S2].txt - [4336 octets] - [09/04/2013 23:53:54]
AdwCleaner[S3].txt - [1031 octets] - [12/04/2013 00:47:00]
 
########## EOF - C:\AdwCleaner[S3].txt - [1091 octets] ##########
 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : E [Admin rights]
Mode : Scan -- Date : 04/12/2013 01:59:20
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 3 ¤¤¤
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\E\AppData\Roaming\cubby\cubbyext64.dll [x] -> UNLOADED
[SUSP PATH] cubby.exe -- C:\Users\E\AppData\Roaming\cubby\cubby.exe [7] -> KILLED [TermProc]
[SUSP PATH] Wunderlist.exe -- C:\Users\E\AppData\Local\Apps\2.0\W7TAYZR2.X1X\20XVAJ6Z.RWK\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe [-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : LogMeIn Cubby ("C:\Users\E\AppData\Roaming\cubby\cubby.exe" -hidden) [7] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Wunderlist ("C:\Users\E\AppData\Local\Apps\2.0\W7TAYZR2.X1X\20XVAJ6Z.RWK\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe" /silent) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2837847164-3402004048-1312535764-1000[...]\Run : LogMeIn Cubby ("C:\Users\E\AppData\Roaming\cubby\cubby.exe" -hidden) [7] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2837847164-3402004048-1312535764-1000[...]\Run : Wunderlist ("C:\Users\E\AppData\Local\Apps\2.0\W7TAYZR2.X1X\20XVAJ6Z.RWK\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe" /silent) [-] -> FOUND
[TASK][SUSP PATH] CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job : C:\Users\E\AppData\Local\Temp\cisE3F8.exe --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} [x] -> FOUND
[TASK][SUSP PATH] CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job : C:\Users\E\AppData\Local\Temp\cisE3F8.exe --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} [x] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{9AA56B55-CB12-4A45-A532-D90ED60E7FF8} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{9AA56B55-CB12-4A45-A532-D90ED60E7FF8} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[IFEO] HKLM\[...]\taskmgr.exe : Debugger (C:\Users\E\Desktop\Kit\cce_2.5.242177.201_x64\CCE\KillSwitch.exe) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: TOSHIBA MK3255GSX +++++
--- User ---
[MBR] d44b44c48507612f03f94936f800fec2
[BSP] c3b19e2d75126568c76bbdb71cdd9a6f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295427 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608108544 | Size: 8317 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_04122013_02d0159.txt >>
RKreport[1]_S_04122013_02d0159.txt
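As an added example (not part of this thread and not RogueKiller's own code), here is a small Python triage helper for the RogueKiller report format shown in the post above. The line shapes it parses are inferred from that report (an assumption, not a published RogueKiller grammar), the sample input is constructed from a few of its lines, and the severity rules and the expected-resolver set are this example's own choices. It ranks entries for manual review rather than deciding anything by itself:

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample input: a few lines copied from the RogueKiller report
# posted in this thread, so the parser can be exercised offline.
SAMPLE_REPORT = r"""
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

¤¤¤ Bad processes : 3 ¤¤¤
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\E\AppData\Roaming\cubby\cubbyext64.dll [x] -> UNLOADED
[SUSP PATH] cubby.exe -- C:\Users\E\AppData\Roaming\cubby\cubby.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : LogMeIn Cubby ("C:\Users\E\AppData\Roaming\cubby\cubby.exe" -hidden) [7] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{9AA56B55-CB12-4A45-A532-D90ED60E7FF8} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[IFEO] HKLM\[...]\taskmgr.exe : Debugger (C:\Users\E\Desktop\Kit\cce_2.5.242177.201_x64\CCE\KillSwitch.exe) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
"""

# Line shapes below are inferred from the report in this thread (assumption).
SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*¤¤¤$")
SECTION_NAME_RE = re.compile(r"^(.*?)\s*:\s*(\d+)?\s*$")
FINDING_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<body>.*?)\s*->\s*(?P<verdict>\S+)"
    r"(?:\s+\[(?P<how>[^\]]+)\])?\s*$"
)
TAG_RE = re.compile(r"\[([^\]]+)\]")
REPUTATION_RE = re.compile(r"\s*\[[^\]]*\]$")        # trailing [7], [x], [-] markers
NAME_VALUE_RE = re.compile(r"^(?P<name>.+?)\s*\((?P<value>.*)\)$")
SEVERITY_ORDER = ("high", "medium", "low", "info")


@dataclass
class Finding:
    section: str
    tags: List[str]
    location: str      # process or registry path the entry refers to
    name: str          # value name (NameServer, Debugger, Run entry label, ...)
    value: str         # data shown in parentheses, if any
    verdict: str       # FOUND, KILLED, UNLOADED, ...
    how: Optional[str] = None
    severity: str = "info"
    note: str = ""


def parse_report(text: str) -> List[Finding]:
    """Turn the ¤¤¤ section headers and [TAG] lines of a report into Finding objects."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            name = SECTION_NAME_RE.match(sec.group(1))
            section = name.group(1) if name else sec.group(1)
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue
        body = REPUTATION_RE.sub("", m.group("body"))
        location, _, detail = body.partition(" : ")
        nv = NAME_VALUE_RE.match(detail)
        name, value = (nv.group("name"), nv.group("value")) if nv else (detail, "")
        findings.append(Finding(section, TAG_RE.findall(m.group("tags")), location,
                                name, value, m.group("verdict"), m.group("how")))
    return findings


def assess(f: Finding, expected_resolvers: Set[str]) -> Finding:
    """Assign a review priority; these rules are this example's own, not RogueKiller's."""
    tags = set(f.tags)
    if "IFEO" in tags and f.name == "Debugger":
        f.severity = "high"
        f.note = ("Image File Execution Options Debugger: every launch of the target runs "
                  "the named binary instead; confirm it belongs to a tool you installed")
    elif "DNS" in tags and f.name == "NameServer":
        servers = [s.strip() for s in f.value.split(",") if s.strip()]
        unexpected = [s for s in servers if s not in expected_resolvers]
        f.severity = "medium" if unexpected else "info"
        f.note = ("resolvers outside the expected set: " + ", ".join(unexpected)
                  if unexpected else "resolvers match the expected set")
    elif "RUN" in tags and "SUSP PATH" in tags:
        f.severity, f.note = "medium", "autorun launching from a user-writable profile path"
    elif "SUSP PATH" in tags or "HJ DESK" in tags:
        f.severity, f.note = "low", "confirm the application is one you use"
    return f


def triage(text: str, expected_resolvers: Set[str]) -> List[Finding]:
    return [assess(f, expected_resolvers) for f in parse_report(text)]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {sev: 0 for sev in SEVERITY_ORDER}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    # Assumed for the demonstration: the router is the only resolver this machine should use.
    results = triage(SAMPLE_REPORT, {"192.168.1.1"})
    for f in sorted(results, key=lambda x: SEVERITY_ORDER.index(x.severity)):
        print(f"[{f.severity:6}] {'/'.join(f.tags):14} {f.location} :: {f.name} {f.value} ({f.note})")
    print(summarize(results))
```

The point of the ranking is that a RogueKiller "FOUND" line is a lead, not a verdict: an IFEO Debugger value is a legitimate Windows mechanism that the KillSwitch tool in the poster's CCE kit uses on this very machine, and the two NameServer addresses may simply be resolvers the user configured, so both are flagged for confirmation rather than marked for deletion.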
 
 
 


#5 gringo_pr


Posted 12 April 2013 - 01:17 AM


Hello hereandnow

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had

  • How is the computer doing now?

  • Gringo





#6 hereandnow


Posted 12 April 2013 - 02:12 PM

Hi,
 
I have pasted the ComboFix log below. The only issue I had was with my Panda security and ComboFix. ComboFix insisted that Panda was still running. I shut it down in the system tray and made sure it was also gone from the processes in task manager. I hope that did not interfere with the scan.
 
The computer seems a little "haunted". The first boot up after the ComboFix scan was quick (for my computer) and seemed smooth. The second boot was noticeably slower. The third boot was close to the first.
 
The computer connected to the internet on the first boot, not the second, and it is fine on the third attempt.
 
There is a new Internet Explorer shortcut on the desktop. It has the same blue "e" but is labeled "The Internet". It does not have a shortcut entry under its properties tab, and that instead leads to the IE Program Properties menu. I had to go into safe mode to access the properties of this shortcut. When I tried to access it under normal startup the system locked. The system message: "This application is not responding. It may respond if you wait." This also occurred when I tried to access the internet.
 
Audio was off but I was able to easily turn it back on through the system tray sound controller.
 
Except for the computer locking which started within the last few weeks it is performing about the same as before the malware.
 
Please let me know if there is more to be done.
 
 
Thanks again for your help,
 
Eric
 
 
 
ComboFix 13-04-12.01 - E 04/12/2013   9:31.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3932.2109 [GMT -4:00]
Running from: c:\users\E\Desktop\ComboFix.exe
AV: Panda Antivirus Pro 2013 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\1361248152.8648.bin
c:\programdata\1361248397.4900.bin
c:\programdata\1361249650.7936.bin
c:\programdata\1361250897.bdinstall.bin
c:\programdata\1361251219.10016.bin
c:\programdata\1361251219.8828.bin
c:\programdata\1361252390.bdinstall.bin
c:\programdata\1361831975.bdinstall.bin
c:\programdata\1361831987.10372.bin
c:\programdata\1361831987.11380.bin
c:\programdata\1361831987.7348.bin
c:\programdata\1361831987.8496.bin
c:\programdata\1361842582.bdinstall.bin
c:\programdata\1361854796.bdinstall.bin
c:\programdata\1361854799.bdinstall.bin
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\windows\SysWow64\UNWISE.EXE
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-12 to 2013-04-12  )))))))))))))))))))))))))))))))
.
.
2013-04-12 13:52 . 2013-04-12 13:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-12 03:35 . 2013-04-12 03:35 -------- d-----w- c:\programdata\Trend Micro
2013-04-11 21:33 . 2013-04-11 21:33 -------- d-----w- c:\program files (x86)\WinPcap
2013-04-11 21:30 . 2013-04-11 21:30 -------- d-----w- c:\program files (x86)\Trend Micro
2013-04-11 21:11 . 2013-04-11 21:11 -------- d-----w- c:\programdata\Panda Software
2013-04-11 04:45 . 2013-04-12 13:56 -------- d-----w- c:\users\E\AppData\Roaming\Staxofax_Data
2013-04-10 15:42 . 2012-10-14 02:20 805376 ----a-w- c:\windows\SysWow64\EditCtlsU.ocx
2013-04-10 15:42 . 2011-08-14 01:06 1031168 ----a-w- c:\windows\SysWow64\ExLVwU.ocx
2013-04-10 15:42 . 2011-05-21 04:02 604672 ----a-w- c:\windows\SysWow64\ExTVwU.ocx
2013-04-10 15:42 . 2009-06-07 13:27 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2013-04-10 15:42 . 2005-04-15 19:58 1351392 ----a-w- c:\windows\SysWow64\comctl32.ocx
2013-04-10 15:42 . 2004-03-09 04:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2013-04-10 15:42 . 2000-05-22 16:58 140488 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2013-04-10 15:42 . 1998-06-24 05:00 198456 ----a-w- c:\windows\SysWow64\MCI32.OCX
2013-04-10 15:42 . 2008-01-19 15:34 554008 ----a-w- c:\windows\SysWow64\dao360.dll
2013-04-10 15:42 . 2004-03-09 18:45 212240 ----a-w- c:\windows\SysWow64\richtx32.ocx
2013-04-10 15:42 . 2013-04-10 15:42 -------- d-----w- c:\program files (x86)\7 Sticky Notes
2013-04-10 14:39 . 1998-11-26 23:00 1347344 ----a-w- c:\windows\SysWow64\Msvbvm50.dll
2013-04-10 14:39 . 2013-04-10 14:39 -------- d-----w- c:\program files (x86)\Staxofax
2013-04-10 13:01 . 2013-04-10 13:55 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-04-10 03:59 . 2013-04-10 03:59 -------- d-----w- C:\IObit
2013-04-09 22:34 . 2013-04-11 01:42 163644 ----a-w- c:\windows\SysWow64\drivers\SECDRV.SYS
2013-04-09 18:15 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29705512-00C0-4762-B8E6-5DC9C122BEEF}\mpengine.dll
2013-04-09 17:57 . 2013-02-22 06:57 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-04-09 17:57 . 2013-02-22 06:29 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-04-09 17:56 . 2013-03-03 19:13 1513320 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-09 17:56 . 2013-03-05 01:57 2774016 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 17:56 . 2013-03-08 04:18 451072 ----a-w- c:\windows\system32\winsrv.dll
2013-04-09 17:56 . 2013-03-11 13:33 4691304 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-09 17:56 . 2013-03-09 04:16 85504 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-09 17:56 . 2013-03-09 01:48 75264 ----a-w- c:\windows\system32\smss.exe
2013-04-09 17:56 . 2013-03-08 04:17 2425344 ----a-w- c:\windows\system32\mstscax.dll
2013-04-09 17:56 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-08 20:06 . 2013-04-08 20:06 -------- d-----w- c:\windows\FltMgr
2013-04-08 19:28 . 2013-04-08 19:28 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-08 19:10 . 2013-04-08 19:10 -------- d-----w- c:\users\E\AppData\Local\Panda Security
2013-04-08 10:24 . 2013-04-08 10:25 -------- d-----w- c:\users\E\Pavark
2013-04-08 10:18 . 2013-04-08 10:18 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-04-08 03:28 . 2013-04-08 03:28 -------- d-----w- c:\program files\HitmanPro
2013-04-08 03:26 . 2013-04-08 10:19 -------- d-----w- c:\programdata\HitmanPro
2013-04-07 04:59 . 2013-04-07 05:00 -------- d-----w- C:\PNotes
2013-04-07 04:50 . 2013-04-07 04:50 -------- d-----w- c:\program files (x86)\CintaNotes
2013-04-05 23:17 . 2013-04-05 23:17 -------- d-----w- c:\users\E\AppData\Local\Help
2013-04-05 22:43 . 2013-04-05 22:46 -------- d-----w- c:\users\E\AppData\Roaming\Downloaded Installations
2013-04-05 18:59 . 2007-02-18 21:11 296960 ----a-w- c:\windows\winhlp32.exe
2013-04-05 18:59 . 2007-02-18 21:11 194560 ----a-w- c:\windows\SysWow64\ftsrch.dll
2013-04-05 18:59 . 2007-02-18 21:11 194560 ----a-w- c:\windows\system32\ftsrch.dll
2013-04-05 18:59 . 2007-02-18 21:11 9728 ----a-w- c:\windows\SysWow64\ftlx041e.dll
2013-04-05 18:59 . 2007-02-18 21:11 9728 ----a-w- c:\windows\system32\ftlx041e.dll
2013-04-05 18:59 . 2007-02-18 21:11 9216 ----a-w- c:\windows\SysWow64\ftlx0411.dll
2013-04-05 18:59 . 2007-02-18 21:11 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2013-04-03 22:29 . 2013-04-06 02:56 -------- d-----w- c:\program files (x86)\Virdi Software
2013-04-03 19:10 . 2013-04-03 19:10 -------- d-----w- c:\program files (x86)\CodeStuff
2013-04-03 19:09 . 2013-04-03 19:09 -------- d-----w- c:\programdata\r2 Studios
2013-04-03 19:07 . 2013-04-03 19:07 -------- d-----w- c:\program files\r2 Studios
2013-04-03 00:54 . 2013-04-03 00:54 46280 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-03-31 02:24 . 2013-04-12 03:57 -------- d-----w- c:\users\E\AutonomyCentralData
2013-03-31 00:38 . 2013-03-31 00:38 -------- d-----w- c:\users\E\vaultletsoft
2013-03-30 22:08 . 2013-03-30 22:09 -------- d-----w- c:\program files (x86)\AutonomyCentral
2013-03-30 07:52 . 2013-04-12 13:56 -------- d-----w- c:\users\E\AppData\Roaming\Wise Care 365
2013-03-29 20:03 . 2013-04-08 03:11 -------- d-----w- c:\users\fbwuser
2013-03-22 17:10 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-21 23:24 . 2013-03-21 23:24 -------- d-----w- c:\users\E\AppData\Roaming\ActivePresenter
2013-03-20 04:57 . 2013-03-20 04:57 -------- d-----w- c:\program files (x86)\Evernote
2013-03-17 14:10 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-03-17 14:08 . 2013-03-17 14:10 -------- d-----w- c:\program files\iTunes
2013-03-16 07:39 . 2013-03-16 07:39 -------- d-----w- c:\program files (x86)\RealNetworks
2013-03-16 07:37 . 2013-03-16 07:37 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-03-14 15:23 . 2013-03-14 15:23 -------- d-----w- c:\program files\EMCO
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 04:47 . 2013-02-03 18:45 565 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-09 18:02 . 2006-11-02 12:35 72702784 ----a-w- c:\windows\system32\mrt.exe
2013-03-31 18:00 . 2013-01-13 02:26 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-03-12 21:33 . 2013-03-01 19:32 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 21:33 . 2013-03-01 19:32 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 05:10 . 2012-11-28 07:22 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-07 08:06 . 2013-03-07 08:06 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2013-03-07 05:12 . 2013-03-07 05:12 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2013-03-06 22:32 . 2012-11-28 07:13 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-06 15:08 . 2013-03-06 15:08 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-06 15:08 . 2013-03-06 15:08 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-06 15:08 . 2013-03-06 15:08 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-06 15:08 . 2013-03-06 15:08 188320 ----a-w- c:\windows\system32\java.exe
2013-03-06 15:08 . 2013-01-16 08:16 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-06 15:08 . 2013-01-16 08:16 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 06:11 . 2013-03-06 06:11 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 06:11 . 2012-12-04 20:42 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-06 06:03 . 2012-12-04 20:42 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-03 01:10 . 2013-03-03 01:10 216576 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2013-02-27 20:33 . 2013-02-27 20:23 378 ----a-w- c:\users\E\advanced_ip_scanner_MAC.bin
2013-01-28 05:12 . 2013-01-27 23:46 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-01-28 05:12 . 2013-01-27 23:46 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-01-15 23:49 . 2012-12-15 01:29 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-11-30 01:31 . 2012-11-30 01:31 38608 ----a-w- c:\program files (x86)\rndlresolversvc.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 432640]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-03-25 6025496]
"tinySpell"="c:\program files (x86)\tinySpell\tinyspell.exe" [2012-11-12 281088]
"F.lux"="c:\users\E\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2009-04-10 143360]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Keybreeze4"="c:\program files (x86)\Keybreeze4\Keybreeze.exe" [2012-12-28 564736]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-30 73832]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-03-16 295512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"APVXDWIN"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" [2012-11-27 1037600]
"SCANINICIO"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe" [2012-11-08 70432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Browser.ahk [2013-2-26 812]
Clean.ahk [2013-2-26 332]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-3-19 1086816]
EvernoteTray.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteTray.exe [2013-3-19 395104]
S10 Password Vault.lnk - c:\program files (x86)\S10 Password Vault\S10PasswordVault.exe [2012-4-7 539256]
Staxofax.lnk - c:\program files (x86)\Staxofax\Staxofax.exe [2013-4-10 1798656]
.
c:\users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cardisabled
Locate32 Autorun.lnk - c:\program files (x86)\Locate32\locate32.exe [2011-7-10 1966080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 08:10 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-01 21:33]
.
2013-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-31 06:59]
.
2013-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-31 06:59]
.
2013-04-01 c:\windows\Tasks\SlimDrivers Scan.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2012-12-16 17:04]
.
2013-04-12 c:\windows\Tasks\Wise Care 365.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-03-30 13:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-30 1216808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-26 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-26 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-26 181784]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2013-03-07 1081856]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: S10 Autologin - c:\program files (x86)\S10 Password Vault\AutologinIE.htm
IE: S10 Autotype... - c:\program files (x86)\S10 Password Vault\AutotypeIE.htm
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{9AA56B55-CB12-4A45-A532-D90ED60E7FF8}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\
FF - ExtSQL: 2013-02-12 10:03; afurladvisor@anchorfree.com; c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: 2013-02-28 11:40; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-03-02 13:27; jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack; c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
FF - ExtSQL: 2013-03-02 13:35; {7CA9CF31-1C73-46CD-8377-85AB71EA771F}; c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi
FF - ExtSQL: 2013-03-02 13:36; {ea61041c-1e22-4400-99a0-aea461e69d04}; c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi
FF - ExtSQL: 2013-03-02 13:36; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-03-02 13:37; donottrackplus@abine.com; c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-03-16 03:39; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-04-05 14:51; amznUWL2@amazon.com; c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\amznUWL2@amazon.com.xpi
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
------- File Associations -------
.
JSEFile=c:\progra~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-ISW - (no file)
AddRemove-Ghostery IE - c:\program files (x86)\Ghostery IE\Uninstall.exe
AddRemove-Staxofax - c:\windows\System32\UNWISE.EXE
AddRemove-FreeSocialTV - c:\program files (x86)\FreeSocialTV\Uninstall\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
c:\program files (x86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\WebProxy.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files (x86)\Common Files\Nuance\dgnsvc.exe
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Hotspot Shield\bin\hsswd.exe
c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrlS.exe
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\AVENGINE.EXE
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\AnVir Task Manager Free\anvir.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files\AutoHotkey\AutoHotkey.exe
c:\program files\AutoHotkey\AutoHotkey.exe
c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
c:\program files (x86)\Evernote\Evernote\Evernote.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2013-04-12  10:12:11 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-12 14:12
.
Pre-Run: 196,517,687,296 bytes free
Post-Run: 196,214,329,344 bytes free
.
- - End Of File - - 29186235692CC140E3761238F2D19371


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 PM

Posted 12 April 2013 - 02:27 PM


Hello hereandnow

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:
ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 hereandnow

hereandnow
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Local time:09:19 PM

Posted 12 April 2013 - 04:13 PM

The computer seems fine now, no extreme lags or hang-ups. Still slow, but that may be just a memory issue. The ComboFix log is below. Thank you.


ComboFix 13-04-12.01 - E 04/12/2013  16:01:05.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3932.2201 [GMT -4:00]
Running from: c:\users\E\Desktop\ComboFix.exe
Command switches used :: c:\users\E\Desktop\CFScript.txt
AV: Panda Antivirus Pro 2013 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-12 to 2013-04-12  )))))))))))))))))))))))))))))))
.
.
2013-04-12 20:21 . 2013-04-12 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-12 03:35 . 2013-04-12 03:35 -------- d-----w- c:\programdata\Trend Micro
2013-04-11 21:33 . 2013-04-11 21:33 -------- d-----w- c:\program files (x86)\WinPcap
2013-04-11 21:30 . 2013-04-11 21:30 -------- d-----w- c:\program files (x86)\Trend Micro
2013-04-11 21:11 . 2013-04-11 21:11 -------- d-----w- c:\programdata\Panda Software
2013-04-11 04:45 . 2013-04-12 18:23 -------- d-----w- c:\users\E\AppData\Roaming\Staxofax_Data
2013-04-10 15:42 . 2012-10-14 02:20 805376 ----a-w- c:\windows\SysWow64\EditCtlsU.ocx
2013-04-10 15:42 . 2011-08-14 01:06 1031168 ----a-w- c:\windows\SysWow64\ExLVwU.ocx
2013-04-10 15:42 . 2011-05-21 04:02 604672 ----a-w- c:\windows\SysWow64\ExTVwU.ocx
2013-04-10 15:42 . 2009-06-07 13:27 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2013-04-10 15:42 . 2005-04-15 19:58 1351392 ----a-w- c:\windows\SysWow64\comctl32.ocx
2013-04-10 15:42 . 2004-03-09 04:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2013-04-10 15:42 . 2000-05-22 16:58 140488 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2013-04-10 15:42 . 1998-06-24 05:00 198456 ----a-w- c:\windows\SysWow64\MCI32.OCX
2013-04-10 15:42 . 2008-01-19 15:34 554008 ----a-w- c:\windows\SysWow64\dao360.dll
2013-04-10 15:42 . 2004-03-09 18:45 212240 ----a-w- c:\windows\SysWow64\richtx32.ocx
2013-04-10 15:42 . 2013-04-10 15:42 -------- d-----w- c:\program files (x86)\7 Sticky Notes
2013-04-10 14:39 . 1998-11-26 23:00 1347344 ----a-w- c:\windows\SysWow64\Msvbvm50.dll
2013-04-10 14:39 . 2013-04-10 14:39 -------- d-----w- c:\program files (x86)\Staxofax
2013-04-10 13:01 . 2013-04-10 13:55 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-04-10 03:59 . 2013-04-10 03:59 -------- d-----w- C:\IObit
2013-04-09 22:34 . 2013-04-11 01:42 163644 ----a-w- c:\windows\SysWow64\drivers\SECDRV.SYS
2013-04-09 18:15 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29705512-00C0-4762-B8E6-5DC9C122BEEF}\mpengine.dll
2013-04-09 17:57 . 2013-02-22 06:57 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-04-09 17:57 . 2013-02-22 06:29 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-04-09 17:56 . 2013-03-03 19:13 1513320 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-09 17:56 . 2013-03-05 01:57 2774016 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 17:56 . 2013-03-08 04:18 451072 ----a-w- c:\windows\system32\winsrv.dll
2013-04-09 17:56 . 2013-03-11 13:33 4691304 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-09 17:56 . 2013-03-09 04:16 85504 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-09 17:56 . 2013-03-09 01:48 75264 ----a-w- c:\windows\system32\smss.exe
2013-04-09 17:56 . 2013-03-08 04:17 2425344 ----a-w- c:\windows\system32\mstscax.dll
2013-04-09 17:56 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-08 20:06 . 2013-04-08 20:06 -------- d-----w- c:\windows\FltMgr
2013-04-08 19:28 . 2013-04-08 19:28 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-08 19:10 . 2013-04-08 19:10 -------- d-----w- c:\users\E\AppData\Local\Panda Security
2013-04-08 10:24 . 2013-04-08 10:25 -------- d-----w- c:\users\E\Pavark
2013-04-08 10:18 . 2013-04-08 10:18 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-04-08 03:28 . 2013-04-08 03:28 -------- d-----w- c:\program files\HitmanPro
2013-04-08 03:26 . 2013-04-08 10:19 -------- d-----w- c:\programdata\HitmanPro
2013-04-07 04:59 . 2013-04-07 05:00 -------- d-----w- C:\PNotes
2013-04-07 04:50 . 2013-04-07 04:50 -------- d-----w- c:\program files (x86)\CintaNotes
2013-04-05 23:17 . 2013-04-05 23:17 -------- d-----w- c:\users\E\AppData\Local\Help
2013-04-05 22:43 . 2013-04-05 22:46 -------- d-----w- c:\users\E\AppData\Roaming\Downloaded Installations
2013-04-05 18:59 . 2007-02-18 21:11 296960 ----a-w- c:\windows\winhlp32.exe
2013-04-05 18:59 . 2007-02-18 21:11 194560 ----a-w- c:\windows\SysWow64\ftsrch.dll
2013-04-05 18:59 . 2007-02-18 21:11 194560 ----a-w- c:\windows\system32\ftsrch.dll
2013-04-05 18:59 . 2007-02-18 21:11 9728 ----a-w- c:\windows\SysWow64\ftlx041e.dll
2013-04-05 18:59 . 2007-02-18 21:11 9728 ----a-w- c:\windows\system32\ftlx041e.dll
2013-04-05 18:59 . 2007-02-18 21:11 9216 ----a-w- c:\windows\SysWow64\ftlx0411.dll
2013-04-05 18:59 . 2007-02-18 21:11 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2013-04-03 22:29 . 2013-04-06 02:56 -------- d-----w- c:\program files (x86)\Virdi Software
2013-04-03 19:10 . 2013-04-03 19:10 -------- d-----w- c:\program files (x86)\CodeStuff
2013-04-03 19:09 . 2013-04-03 19:09 -------- d-----w- c:\programdata\r2 Studios
2013-04-03 19:07 . 2013-04-03 19:07 -------- d-----w- c:\program files\r2 Studios
2013-04-03 00:54 . 2013-04-03 00:54 46280 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-03-31 02:24 . 2013-04-12 19:40 -------- d-----w- c:\users\E\AutonomyCentralData
2013-03-31 00:38 . 2013-03-31 00:38 -------- d-----w- c:\users\E\vaultletsoft
2013-03-30 22:08 . 2013-03-30 22:09 -------- d-----w- c:\program files (x86)\AutonomyCentral
2013-03-30 07:52 . 2013-04-12 18:22 -------- d-----w- c:\users\E\AppData\Roaming\Wise Care 365
2013-03-29 20:03 . 2013-04-08 03:11 -------- d-----w- c:\users\fbwuser
2013-03-22 17:10 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-21 23:24 . 2013-03-21 23:24 -------- d-----w- c:\users\E\AppData\Roaming\ActivePresenter
2013-03-20 04:57 . 2013-03-20 04:57 -------- d-----w- c:\program files (x86)\Evernote
2013-03-17 14:10 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-03-17 14:08 . 2013-03-17 14:10 -------- d-----w- c:\program files\iTunes
2013-03-16 07:39 . 2013-03-16 07:39 -------- d-----w- c:\program files (x86)\RealNetworks
2013-03-16 07:37 . 2013-03-16 07:37 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-03-14 15:23 . 2013-03-14 15:23 -------- d-----w- c:\program files\EMCO
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 04:47 . 2013-02-03 18:45 565 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-09 18:02 . 2006-11-02 12:35 72702784 ----a-w- c:\windows\system32\mrt.exe
2013-03-31 18:00 . 2013-01-13 02:26 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-03-12 21:33 . 2013-03-01 19:32 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 21:33 . 2013-03-01 19:32 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 05:10 . 2012-11-28 07:22 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-07 08:06 . 2013-03-07 08:06 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2013-03-07 05:12 . 2013-03-07 05:12 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2013-03-06 22:32 . 2012-11-28 07:13 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-06 15:08 . 2013-03-06 15:08 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-06 15:08 . 2013-03-06 15:08 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-06 15:08 . 2013-03-06 15:08 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-06 15:08 . 2013-03-06 15:08 188320 ----a-w- c:\windows\system32\java.exe
2013-03-06 15:08 . 2013-01-16 08:16 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-06 15:08 . 2013-01-16 08:16 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 06:11 . 2013-03-06 06:11 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 06:11 . 2012-12-04 20:42 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-06 06:03 . 2012-12-04 20:42 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-03 01:10 . 2013-03-03 01:10 216576 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2013-02-27 20:33 . 2013-02-27 20:23 378 ----a-w- c:\users\E\advanced_ip_scanner_MAC.bin
2013-01-28 05:12 . 2013-01-27 23:46 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-01-28 05:12 . 2013-01-27 23:46 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-01-15 23:49 . 2012-12-15 01:29 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-11-30 01:31 . 2012-11-30 01:31 38608 ----a-w- c:\program files (x86)\rndlresolversvc.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 432640]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-03-25 6025496]
"tinySpell"="c:\program files (x86)\tinySpell\tinyspell.exe" [2012-11-12 281088]
"F.lux"="c:\users\E\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2009-04-10 143360]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Keybreeze4"="c:\program files (x86)\Keybreeze4\Keybreeze.exe" [2012-12-28 564736]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-30 73832]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-03-16 295512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"APVXDWIN"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" [2012-11-27 1037600]
"SCANINICIO"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe" [2012-11-08 70432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Browser.ahk [2013-2-26 812]
Clean.ahk [2013-2-26 332]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-3-19 1086816]
EvernoteTray.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteTray.exe [2013-3-19 395104]
S10 Password Vault.lnk - c:\program files (x86)\S10 Password Vault\S10PasswordVault.exe [2012-4-7 539256]
Staxofax.lnk - c:\program files (x86)\Staxofax\Staxofax.exe [2013-4-10 1798656]
.
c:\users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cardisabled
Locate32 Autorun.lnk - c:\program files (x86)\Locate32\locate32.exe [2011-7-10 1966080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 08:10 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-01 21:33]
.
2013-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-31 06:59]
.
2013-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-31 06:59]
.
2013-04-12 c:\windows\Tasks\Wise Care 365.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-03-30 13:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-30 1216808]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-26 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-26 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-26 181784]
"ISW"="" [BU]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2013-03-07 1081856]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: S10 Autologin - c:\program files (x86)\S10 Password Vault\AutologinIE.htm
IE: S10 Autotype... - c:\program files (x86)\S10 Password Vault\AutotypeIE.htm
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{9AA56B55-CB12-4A45-A532-D90ED60E7FF8}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\
FF - ExtSQL: 2013-02-28 11:40; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-03-02 13:27; jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack; c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
FF - ExtSQL: 2013-03-02 13:35; {7CA9CF31-1C73-46CD-8377-85AB71EA771F}; c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi
FF - ExtSQL: 2013-03-02 13:36; {ea61041c-1e22-4400-99a0-aea461e69d04}; c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi
FF - ExtSQL: 2013-03-02 13:36; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-03-02 13:37; donottrackplus@abine.com; c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-03-16 03:39; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-04-05 14:51; amznUWL2@amazon.com; c:\users\E\AppData\Roaming\Mozilla\Firefox\Profiles\y60a636p.default\extensions\amznUWL2@amazon.com.xpi
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Ghostery IE - c:\program files (x86)\Ghostery IE\Uninstall.exe
AddRemove-Staxofax - c:\windows\System32\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-04-12  16:27:15
ComboFix-quarantined-files.txt  2013-04-12 20:27
ComboFix2.txt  2013-04-12 14:12
.
Pre-Run: 196,821,655,552 bytes free
Post-Run: 196,780,072,960 bytes free
.
- - End Of File - - A5AC8ED026B276D5A7C1725E04DBD87F



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 PM

Posted 12 April 2013 - 06:31 PM


Hello hereandnow

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
    C:\Qoobox\Add-Remove Programs.txt
    • click ok
  • copy and paste the report into this topic for me to review

    Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 hereandnow

hereandnow
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Local time:09:19 PM

Posted 12 April 2013 - 06:56 PM

Here is the extra Combofix report:
 

 

7 Sticky Notes
AceMoney Lite
ActivePresenter
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Advanced IP Scanner
Advanced SystemCare 6
AnVir Task Manager Free
Apple Application Support
Apple Software Update
AutoHotkey 1.1.09.03
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
CodeStuff Starter
Comodo Dragon
Cool Timer 4.9.1
Cubby
Currate.com/AlwaysMath.com Calculator
CyberLink PowerCinema for TOSHIBA
Dragon NaturallySpeaking 12
DriverMax 6
DVD MovieFactory for TOSHIBA
Edraw Mind Map 6.5
EMCO UnLock IT 3.0
ESET Online Scanner v3
Evernote v. 4.6.4
F.lux
FlashPeak SlimBrowser
focus booster
Free Alarm Clock 2.7.1
Free Countdown Timer 2.7.2
Free Sound Recorder v9.4.1
Free Video Zilla
Ghostery IE
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotspot Shield 2.90
ieSpell
IObit Unlocker
iolo technologies' System Mechanic
Java 7 Update 17
Java Auto Updater
Keybreeze
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.0.1.2
Malwarebytes Anti-Malware version 1.70.0.1100
Marvell Miniport Driver
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Mozilla Firefox 20.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
OpenOffice.org 3.4.1
OverDrive Media Console
Panda Antivirus Pro 2013
Password Corral v4.0
Password Depot 6 - Panda Secure Vault Edition
PrimoPDF -- brought to you by Nitro PDF Software
QuickBooks Financial Center
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
REALTEK RTL8187B Wireless LAN Driver
RealUpgrade 1.1
Rosetta Stone 2.1.4.1A
S10 Password Vault 4.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Windows Media Encoder (KB2447961)
SlimDrivers
Smart Defrag 2
Startup Delayer v3.0 (build 331)
Staxofax
swMSM
System Checkup 3.4
System Ninja version 2.4.0
System Requirements Lab for Intel
TapinRadio 1.58.2
tinySpell 1.9.44
Toshiba Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Trend Micro RUBotted 2.0 Beta
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
V-Scheduler
WildTangent Games
Windows Media Encoder 9 Series
WinPcap 4.1.1
Wise Care 365 version 2.27
Wunderlist
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
 



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 PM

Posted 12 April 2013 - 07:17 PM


Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)
  • Programs to remove
    • Adobe Reader X (10.1.6)
    • Java 7 Update 17


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



    Update Adobe reader
    • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

      You can download it from http://www.adobe.com/products/acrobat/readstep2.html
      After installing the latest Adobe Reader, uninstall all previous versions.
      If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
      • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

        Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

    Clean Out Temp Files
    • This small application you may want to keep and use once a week to keep the computer clean.

      Download CCleaner from here http://www.ccleaner.com/
      • Run the installer to install the application.
      • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
      • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
      • Click Run Cleaner.
      • Close CCleaner.
: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now.
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



    Download HijackThis
    • Go Here to download HijackThis program
    • Save HijackThis to your desktop.
    • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
    • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
    • copy and paste hijackthis report into the topic
    "information and logs"
    • In your next post I need the following
      • Log From MBAM
      • report from Hijackthis
      • let me know of any problems you may have had
      • How is the computer doing now?
    Gringo




#12 hereandnow

hereandnow
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Local time:09:19 PM

Posted 12 April 2013 - 09:12 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.13.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
E :: E-PC [administrator]

4/12/2013 9:34:32 PM
mbam-log-2013-04-12 (21-34-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241094
Time elapsed: 14 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:59:49 PM, on 4/12/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2013\WebProxy.exe
C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
C:\Program Files (x86)\AnVir Task Manager Free\anvir.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\S10 Password Vault\S10PasswordVault.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\Keybreeze4\Keybreeze.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\apvxdwin.exe
C:\Users\E\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [Keybreeze4] "C:\Program Files (x86)\Keybreeze4\Keybreeze.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\Inicio.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] "C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - HKCU\..\Run: [tinySpell] C:\Program Files (x86)\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [F.lux] "C:\Users\E\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - Startup: AutorunsDisabled
O4 - Startup: Browser.ahk
O4 - Startup: cardisabled
O4 - Startup: Clean.ahk
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
O4 - Startup: S10 Password Vault.lnk = C:\Program Files (x86)\S10 Password Vault\S10PasswordVault.exe
O4 - Startup: Staxofax.lnk = C:\Program Files (x86)\Staxofax\Staxofax.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O8 - Extra context menu item: S10 Autologin - C:\Program Files (x86)\S10 Password Vault\AutologinIE.htm
O8 - Extra context menu item: S10 Autotype... - C:\Program Files (x86)\S10 Password Vault\AutotypeIE.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AA56B55-CB12-4A45-A532-D90ED60E7FF8}: NameServer = 8.26.56.26,156.154.70.22
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsCtrlS.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PavFnSvr.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\pavsrvx86.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\PskSvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2013\TPSrvWow.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 14852 bytes
 

-- No real issues. A short hang of a minute or two while uninstalling one of the programs using Revo: Windows spinning circle. Only that once and it resolved itself.

 

The computer seems to be working well.



#13 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto rico

Posted 12 April 2013 - 09:26 PM


Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on any of these programs' icons (or start them from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
      O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
      O4 - HKLM\..\Run: [Keybreeze4] "C:\Program Files (x86)\Keybreeze4\Keybreeze.exe"
      O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
      O4 - HKCU\..\Run: [F.lux] "C:\Users\E\Local Settings\Apps\F.lux\flux.exe" /noshow
      O4 - Startup: AutorunsDisabled
      O4 - Startup: Browser.ahk
      O4 - Startup: cardisabled
      O4 - Startup: Clean.ahk
      O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
      O4 - Startup: EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
      O4 - Startup: Staxofax.lnk = C:\Program Files (x86)\Staxofax\Staxofax.exe


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE** You can research each of those lines >here< and see if you want to keep them or not:
      just copy the name between the brackets and paste it into the search space, e.g. for
      O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish
  • When the scan is complete
    • If no threats were found
      • put a checkmark in "Uninstall application on close"
      • close program
      • report to me that nothing was found
    • If threats were found
      • click on "list of threats found"
      • click on "export to text file" and save it as ESET SCAN and save to the desktop
      • Click on back
      • put a checkmark in "Uninstall application on close"
      • click on finish
      • close program
      • copy and paste the report here
Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
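A way to review the same autorun locations that HijackThis lists as O4 entries with a built-in tool, added here as an example; it is not part of gringo_pr's instructions and not code from HijackThis. It assumes Windows PowerShell 3.0 or later in an elevated (run as Administrator) session. It enumerates the HKLM and HKCU Run keys and both Startup folders, resolves .lnk shortcut targets, and flags entries whose executable is missing from disk or runs from a user-writable directory (Temp, AppData), which are the ones worth looking at before deciding what to keep. The function names (Get-RunKeyEntries, Get-StartupFolderEntries, Add-ReviewFlags) are this example's own.

```powershell
# Added example, not from the thread or from HijackThis: enumerate the autorun
# locations HijackThis reports as O4 entries, using only built-in PowerShell.
# Assumes Windows PowerShell 3.0+ (Vista SP2 / Win7 or later) in an elevated session.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit apps on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the executable path from a Run-key command line such as
#   "C:\Program Files (x86)\iTunes\iTunesHelper.exe" /arg   or   C:\path\prog.exe /AUTO
function Get-ExecutablePath {
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    if ($CommandLine -match '^\s*"([^"]+)"') { return [Environment]::ExpandEnvironmentVariables($Matches[1]) }
    if ($CommandLine -match '^\s*(\S+)')     { return [Environment]::ExpandEnvironmentVariables($Matches[1]) }
    return $null
}

function Get-RunKeyEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
            [PSCustomObject]@{
                Location = $key
                Name     = $p.Name
                Command  = [string]$p.Value
                Target   = Get-ExecutablePath ([string]$p.Value)
            }
        }
    }
}

function Get-StartupFolderEntries {
    $shell   = New-Object -ComObject WScript.Shell
    $folders = @(
        [Environment]::GetFolderPath('Startup'),       # current user's Startup folder
        [Environment]::GetFolderPath('CommonStartup')  # all-users Startup folder
    )
    foreach ($f in $folders) {
        if (-not (Test-Path $f)) { continue }
        foreach ($item in Get-ChildItem -Path $f -Force -File | Where-Object Name -ne 'desktop.ini') {
            # Resolve shortcuts the way HijackThis prints "name.lnk = C:\path\prog.exe";
            # anything else (e.g. an .ahk script) is the target itself.
            $target = if ($item.Extension -eq '.lnk') { $shell.CreateShortcut($item.FullName).TargetPath } else { $item.FullName }
            [PSCustomObject]@{
                Location = $f
                Name     = $item.Name
                Command  = $target
                Target   = $target
            }
        }
    }
}

# Mark entries worth a second look: executable missing, or running from a
# user-writable location that legitimate installers rarely use for autostarts.
function Add-ReviewFlags {
    param([Parameter(ValueFromPipeline)]$Entry)
    process {
        $flags = @()
        if ($Entry.Target) {
            if (-not (Test-Path -LiteralPath $Entry.Target)) { $flags += 'MissingFile' }
            foreach ($dir in @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA)) {
                if ($dir -and $Entry.Target.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                    $flags += 'UserWritableDir'
                    break
                }
            }
        } else {
            $flags += 'NoTarget'
        }
        $Entry | Add-Member -NotePropertyName Flags -NotePropertyValue ($flags -join ',') -PassThru
    }
}

$entries = @(Get-RunKeyEntries) + @(Get-StartupFolderEntries) | Add-ReviewFlags
$entries | Sort-Object Flags -Descending | Format-Table Flags, Name, Target, Location -AutoSize
```

Entries with an empty Flags column and a vendor path under Program Files are the "start it when you need it" kind gringo_pr describes; MissingFile and UserWritableDir are the rows to research before removing or keeping.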

#14 hereandnow (Topic Starter)

  • Members
  • 20 posts

Posted 13 April 2013 - 10:42 AM

Good Morning Gringo,

I ran HijackThis last night and removed the entries you suggested. I then ran a full ESET scan with your selections. No infected files were found.

I had one curious/troubling issue this morning. When I went to use the computer this morning Toshiba Power Cinema was still active. That is one of the items checked for removal in HijackThis. I had not yet done a reboot but it did not occur to me to try this first. Instead I just started HijackThis again to verify that it had been selected last night.

  • I received the following message on starting up the HijackThis program: "For some reason your system was denied access to the Hosts file. If any hijack domains are in this file, HijackThis may NOT be able to fix this."


Then instructions for resolving it manually.

  • I rebooted and restarted HijackThis again and received the same message.


Is this message due to something besides malware?

A little bit paranoid about "wee beasties" that might be lurking on my machine, I have tried to keep my internet surfing to a minimum while we have gone through this process. I did feel a little more relaxed and do *some* surfing on this computer but spent most of my non-Gringo internet time on another one.

You suggested CCleaner last night. I had this on my machine and set to clean on each boot, otherwise I would have offered my history logs in figuring out if this is a reinfection or enduring malware. If it is that of course and not some software issue. If my DNS logs would be useful in determining if this is a reinfection I am happy to provide them and would just need the appropriate command to open the logs.

What would be the next step? Should I follow Vista instructions to re-run HijackThis as an administrator? Any instructions from there?

Thanks for your continued assistance.
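The "denied access to the Hosts file" message above can be checked directly rather than guessed at. The following PowerShell script is an added example, not part of this thread and not code from HijackThis; it assumes Windows PowerShell 3.0 or later and is meant to be run once normally and once as Administrator. It reports the hosts file's attributes, owner and ACL, whether the current session is elevated and can actually open the file for writing, and then lists the active (non-comment) entries so the reader can see whether any hostname has been remapped. The function names (Test-IsElevated, Get-HostsFileStatus, Get-ActiveHostsEntries) are this example's own.

```powershell
# Added example, not from the thread or from HijackThis: inspect the Hosts file the way a
# defender would when a tool reports it could not access it. Assumes Windows PowerShell 3.0+.
# Run once as a normal user and once as Administrator and compare the Elevated/Writable fields.

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-HostsFileStatus {
    param([string]$Path = $hostsPath)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [PSCustomObject]@{ Path = $Path; Exists = $false }
    }
    $item = Get-Item -LiteralPath $Path -Force   # -Force so a Hidden hosts file is still found
    $acl  = Get-Acl  -LiteralPath $Path

    # Try to open for writing without modifying anything; a failure here is the same
    # condition a removal tool hits when it tries to clean the file.
    $writable = $true
    try {
        $fs = [IO.File]::Open($Path, [IO.FileMode]::Open, [IO.FileAccess]::ReadWrite, [IO.FileShare]::ReadWrite)
        $fs.Dispose()
    } catch { $writable = $false }

    [PSCustomObject]@{
        Path     = $Path
        Exists   = $true
        Elevated = Test-IsElevated
        ReadOnly = [bool]($item.Attributes -band [IO.FileAttributes]::ReadOnly)
        Hidden   = [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)
        Owner    = $acl.Owner
        Writable = $writable
        Access   = ($acl.Access | ForEach-Object {
                        '{0}: {1} ({2})' -f $_.IdentityReference, $_.FileSystemRights, $_.AccessControlType
                    }) -join '; '
    }
}

# Active (non-comment, non-blank) lines. A clean Vista/7 hosts file has at most the
# localhost entries, so anything else deserves a look.
function Get-ActiveHostsEntries {
    param([string]$Path = $hostsPath)
    Get-Content -LiteralPath $Path -ErrorAction Stop |
        ForEach-Object { ($_ -split '#', 2)[0].Trim() } |   # drop trailing comments
        Where-Object { $_ -ne '' } |
        ForEach-Object {
            $parts = $_ -split '\s+'
            $names = if ($parts.Count -gt 1) { $parts[1..($parts.Count - 1)] -join ' ' } else { '' }
            [PSCustomObject]@{ Address = $parts[0]; Hosts = $names }
        }
}

Get-HostsFileStatus | Format-List
Get-ActiveHostsEntries | Format-Table -AutoSize
```

Elevated=False with Writable=False is the plain UAC case that gringo_pr's "run as admin" advice addresses. Elevated=True with Writable=False means something else is holding the file (the ACL output shows whether permissions were changed; several antivirus and firewall products also protect the hosts file against writes), and the entries table shows whether any redirection is actually present, which is the question the HijackThis warning is really about.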

 



#15 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto rico

Posted 14 April 2013 - 10:07 AM

Hello

Reboot the computer and rerun HijackThis as admin (right-click and select Run as admin). If the entries are still there, put a check in them this time and select Fix.

Restart the computer and check again.