wallysurfr

Honorary Members
  • Posts

    33
Everything posted by wallysurfr

  1. OK, I'll do that all around 4 pm this afternoon. Sorry, I work for the government so I can't bring my laptop to work with me. Thanks!
  2. No, no error messages. If I start up like usual and select my profile, it goes to a blank screen with a mouse cursor for 20-30 minutes (the longest I've waited without manually powering off or logging off to switch profiles). I press Ctrl+Alt+Delete, log off, switch user, and can get my wife's profile to load normally. I can also get her profile to load normally when starting up. I power down manually and select Start in Safe Mode with Networking in order to get to my profile. I have no problem deleting my profile and starting a new one, or just using my wife's profile from now on. I have everything backed up on an external hard drive.
  3. Here it is. After the reboot, I still had to start in safe mode; it wouldn't load my profile, although I don't think my wife has had any issues on her profile.
OTL logfile created on: 11/6/2012 11:28:28 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Travis\Desktop\Malware Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 80.12% Memory free 3.96 Gb Paging File | 3.75 Gb Available in Paging File | 94.65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 231.42 Gb Total Space | 146.89 Gb Free Space | 63.48% Space Free | Partition Type: NTFS Computer Name: TRAVIS-PC | User Name: Travis | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Travis\Desktop\Malware\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (cfa9ec882a0a98d6) -- C:\Windows\System32\drivers\cfa9ec882a0a98d6.sys () SRV - (MBAMService) -- C:\Users\Travis\Desktop\Malwarebites' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Users\Travis\Desktop\Malwarebites' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo) SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe () SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe () SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) 
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) ========== Driver Services (SafeList) ========== DRV - (WPN111) -- system32\DRIVERS\WPN111v.sys File not found DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found DRV - (Tosrfcom) -- File not found DRV - (spubrx) -- System32\drivers\gelnu.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (CFcatchme) -- C:\Users\Travis\AppData\Local\Temp\CFcatchme.sys File not found DRV - (catchme) -- C:\ComboFix\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (cfa9ec882a0a98d6) -- C:\Windows\System32\drivers\cfa9ec882a0a98d6.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. 
KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Tcpip6) -- C:\Windows\System32\drivers\tcpip.sys () DRV - (Tcpip) -- C:\Windows\System32\drivers\tcpip.sys () DRV - (tunnel) -- C:\Windows\System32\drivers\tunnel.sys () DRV - (tunmp) -- C:\Windows\System32\drivers\TUNMP.SYS () DRV - (srv) -- C:\Windows\System32\drivers\srv.sys () DRV - (srvnet) -- C:\Windows\System32\drivers\srvnet.sys () DRV - (srv2) -- C:\Windows\System32\drivers\srv2.sys () DRV - (Wdf01000) -- C:\Windows\System32\drivers\Wdf01000.sys () DRV - (sermouse) -- C:\Windows\System32\drivers\sermouse.sys () DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (usbhub) -- C:\Windows\System32\drivers\usbhub.sys () DRV - (usbccgp) -- C:\Windows\System32\drivers\usbccgp.sys () DRV - (usbehci) -- C:\Windows\System32\drivers\usbehci.sys () DRV - (usbohci) -- C:\Windows\System32\drivers\usbohci.sys () DRV - (sdbus) -- C:\Windows\System32\drivers\sdbus.sys () DRV - (sffdisk) -- C:\Windows\System32\drivers\sffdisk.sys () DRV - (sffp_sd) -- C:\Windows\System32\drivers\sffp_sd.sys () DRV - (NDIS) -- C:\Windows\System32\drivers\ndis.sys () DRV - (Rasl2tp) -- C:\Windows\System32\drivers\rasl2tp.sys () DRV - (PptpMiniport) -- C:\Windows\System32\drivers\raspptp.sys () DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys () DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS () DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys () DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (DNISp50) -- C:\Windows\System32\drivers\DNISP50.sys (Printing Communications Assoc., Inc. 
(PCAUSA)) DRV - (DNIMp50) -- C:\Windows\System32\drivers\DNIMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (NativeWifiP) -- C:\Windows\System32\drivers\nwifi.sys () DRV - (QWAVEdrv) -- C:\Windows\System32\drivers\qwavedrv.sys () DRV - (Ntfs) -- C:\Windows\System32\drivers\ntfs.sys () DRV - (volmgrx) -- C:\Windows\System32\drivers\volmgrx.sys () DRV - (volsnap) -- C:\Windows\System32\drivers\volsnap.sys () DRV - (pcmcia) -- C:\Windows\System32\drivers\pcmcia.sys () DRV - (pci) -- C:\Windows\System32\drivers\pci.sys () DRV - (nv_agp) -- C:\Windows\System32\drivers\NV_AGP.SYS () DRV - (TermDD) -- C:\Windows\System32\drivers\termdd.sys () DRV - (volmgr) -- C:\Windows\System32\drivers\volmgr.sys () DRV - (Mup) -- C:\Windows\System32\drivers\mup.sys () DRV - (partmgr) -- C:\Windows\System32\drivers\partmgr.sys () DRV - (sbp2port) -- C:\Windows\System32\drivers\sbp2port.sys () DRV - (uliagpkx) -- C:\Windows\System32\drivers\ULIAGPKX.SYS () DRV - (uagp35) -- C:\Windows\System32\drivers\UAGP35.SYS () DRV - (viaagp) -- C:\Windows\System32\drivers\VIAAGP.SYS () DRV - (Wd) -- C:\Windows\System32\drivers\wd.sys () DRV - (spldr) -- C:\Windows\System32\drivers\spldr.sys () DRV - (pciide) -- C:\Windows\System32\drivers\pciide.sys () DRV - (swenum) -- C:\Windows\System32\drivers\swenum.sys () DRV - (usbprint) -- C:\Windows\System32\drivers\usbprint.sys () DRV - (StillCam) -- C:\Windows\System32\drivers\serscan.sys () DRV - (usbscan) -- C:\Windows\System32\drivers\usbscan.sys () DRV - (PEAUTH) -- C:\Windows\System32\drivers\PEAuth.sys () DRV - (WpdUsb) -- C:\Windows\System32\drivers\WpdUsb.sys () DRV - (rdpdr) -- C:\Windows\System32\drivers\rdpdr.sys () DRV - (RDPWD) -- C:\Windows\System32\drivers\rdpwd.sys () DRV - (tssecsrv) -- C:\Windows\System32\drivers\tssecsrv.sys () DRV - (TDTCP) -- C:\Windows\System32\drivers\tdtcp.sys () DRV - (TDPIPE) -- C:\Windows\System32\drivers\tdpipe.sys () DRV - (RDPENCDD) -- C:\Windows\System32\drivers\RDPENCDD.sys () DRV - (RDPCDD) 
-- C:\Windows\System32\drivers\RDPCDD.sys () DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys () DRV - (NdisWan) -- C:\Windows\System32\drivers\ndiswan.sys () DRV - (Wanarpv6) -- C:\Windows\System32\drivers\wanarp.sys () DRV - (Wanarp) -- C:\Windows\System32\drivers\wanarp.sys () DRV - (RasAcd) -- C:\Windows\System32\drivers\rasacd.sys () DRV - (RasPppoe) -- C:\Windows\System32\drivers\raspppoe.sys () DRV - (NDProxy) -- C:\Windows\System32\drivers\ndproxy.sys () DRV - (NdisTapi) -- C:\Windows\System32\drivers\ndistapi.sys () DRV - (tcpipreg) -- C:\Windows\System32\drivers\tcpipreg.sys () DRV - (tdx) -- C:\Windows\System32\drivers\tdx.sys () DRV - (PSched) -- C:\Windows\System32\drivers\pacer.sys () DRV - (nsiproxy) -- C:\Windows\System32\drivers\nsiproxy.sys () DRV - (NetBIOS) -- C:\Windows\System32\drivers\netbios.sys () DRV - (Ndisuio) -- C:\Windows\System32\drivers\ndisuio.sys () DRV - (netbt) -- C:\Windows\System32\drivers\netbt.sys () DRV - (Smb) -- C:\Windows\System32\drivers\smb.sys () DRV - (rspndr) -- C:\Windows\System32\drivers\rspndr.sys () DRV - (umbus) -- C:\Windows\System32\drivers\umbus.sys () DRV - (usbvideo) -- C:\Windows\System32\drivers\usbvideo.sys () DRV - (ohci1394) -- C:\Windows\System32\drivers\ohci1394.sys () DRV - (usbcir) -- C:\Windows\System32\drivers\usbcir.sys () DRV - (USBSTOR) -- C:\Windows\System32\drivers\USBSTOR.SYS () DRV - (usbuhci) -- C:\Windows\System32\drivers\usbuhci.sys () DRV - (WUDFRd) -- C:\Windows\System32\drivers\WUDFRd.sys () DRV - (vga) -- C:\Windows\System32\drivers\vgapnp.sys () DRV - (VgaSave) -- C:\Windows\System32\drivers\vga.sys () DRV - (WacomPen) -- C:\Windows\System32\drivers\wacompen.sys () DRV - (sfloppy) -- C:\Windows\System32\drivers\sfloppy.sys () DRV - (sffp_mmc) -- C:\Windows\System32\drivers\sffp_mmc.sys () DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys () DRV - (Parport) -- C:\Windows\System32\drivers\parport.sys () DRV - (Serenum) -- C:\Windows\System32\drivers\serenum.sys () 
DRV - (Parvdm) -- C:\Windows\System32\drivers\parvdm.sys () DRV - (Null) -- C:\Windows\System32\drivers\null.sys () DRV - (WmiAcpi) -- C:\Windows\System32\drivers\wmiacpi.sys () DRV - (rdbss) -- C:\Windows\System32\drivers\rdbss.sys () DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys () DRV - (Npfs) -- C:\Windows\System32\drivers\npfs.sys () DRV - (ViaC7) -- C:\Windows\System32\drivers\viac7.sys () DRV - (Processor) -- C:\Windows\System32\drivers\processr.sys () DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys () DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS () DRV - (KR3NPXP) -- C:\Windows\System32\drivers\kr3npxp.sys (TOSHIBA CORPORATION) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION) DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {DF4BB4D7-B671-420B-9EF1-DA690996CC9B} IE - HKLM\..\SearchScopes\{DF4BB4D7-B671-420B-9EF1-DA690996CC9B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms} IE - HKCU\..\SearchScopes\{DF4BB4D7-B671-420B-9EF1-DA690996CC9B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_en IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.order.2: "" FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20121145,6902,0,62,0" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20121145,16900,0,62,0" FF - prefs.js..extensions.enabledAddons: addon@defaulttab.com:1.4.2 FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.7.20120315050400 FF - prefs.js..extensions.enabledItems: FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0 FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={AB969AB6-0C78-4DFA-9EC9-0FAE1070218C}&Version=3.6.5&Vintage=20121145&Defaultbrowserid=62&Productid=2875&Vendorid=6923&Offerid=6894&searchterm=" FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20121145,6902,0,62,0&p=" FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program 
Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2012/10/29 16:44:07 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Users\Travis\Desktop\TVUPlayer\npTVUAx.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/06 12:57:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/29 07:09:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/29 07:09:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/06 12:57:41 | 000,000,000 | ---D | M] [2009/04/10 21:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Travis\AppData\Roaming\Mozilla\Extensions [2012/11/06 23:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\i8lwgax1.default\extensions [2012/11/06 22:46:45 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\i8lwgax1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/11/06 22:46:57 | 000,022,426 | ---- | M] () (No name found) -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\i8lwgax1.default\extensions\addon@defaulttab.com.xpi [2012/10/08 14:31:45 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\i8lwgax1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012/11/06 22:47:35 | 000,001,982 | ---- | M] () -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\i8lwgax1.default\searchplugins\search-here.xml [2012/02/18 18:13:21 | 000,002,270 | ---- | M] () -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\i8lwgax1.default\searchplugins\SearchTheWeb.xml [2012/10/29 07:09:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/10/29 07:09:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/10/29 07:09:27 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2012/10/07 19:13:38 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/12/28 14:18:04 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml [2012/10/20 15:21:32 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/05/09 12:38:09 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe () O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe () O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\RunOnce: [] File not found O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Users\Travis\Desktop\Malwarebites' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [OTM] C:\Users\Travis\Downloads\OTM(1).exe (OldTimer Tools) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AB2B725-E653-4CE8-8901-25D3A80E2B40}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE3F9AD2-278E-4433-A8E1-5877D8C48DD5}: DhcpNameServer = 192.168.1.1 O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 
000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/11/06 23:20:06 | 000,000,000 | ---D | C] -- C:\_OTL [2012/10/29 16:44:07 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/10/29 16:44:07 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\temp [2012/10/29 16:39:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/10/29 13:54:06 | 000,000,000 | ---D | C] -- C:\_OTM [2012/10/29 12:28:08 | 000,000,000 | ---D | C] -- C:\Users\Travis\Desktop\Malware [2012/10/29 10:33:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/10/29 10:33:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/10/29 10:33:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2012/10/29 10:33:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/10/29 10:33:04 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/10/29 10:31:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/10/29 07:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/10/28 18:36:56 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Roaming\Malwarebytes [2012/10/28 18:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/10/28 18:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebites' Anti-Malware [2012/10/28 18:36:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/10/28 18:36:30 | 000,000,000 | ---D | C] -- C:\Users\Travis\Desktop\Malwarebites' Anti-Malware [2012/10/15 18:15:04 | 000,000,000 | ---D | 
C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012/10/12 09:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2012/10/12 09:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2012/10/08 11:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/10/08 11:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/10/08 07:51:28 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Roaming\Avira [2012/10/08 07:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/10/08 07:43:43 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012/10/08 07:43:23 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012/10/08 07:43:22 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012/10/08 07:43:22 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012/10/08 07:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/10/08 07:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira ========== Files - Modified Within 30 Days ========== [2012/11/06 23:24:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/06 23:22:04 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012/11/06 23:21:57 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/06 23:21:57 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/06 18:21:10 | 000,617,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/11/06 18:21:10 | 000,103,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/11/02 21:04:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{941602F2-06FF-41EB-9E8F-47B31ACA879A}.job [2012/10/20 10:23:24 | 000,405,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/10/15 18:15:05 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012/10/15 18:15:05 | 000,001,958 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012/10/08 11:41:10 | 000,000,881 | ---- | M] () -- C:\Users\Travis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/10/08 11:41:10 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/10/08 07:45:01 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk ========== Files Created - No Company Name ========== [2012/10/29 10:33:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/10/29 10:33:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/10/29 10:33:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/10/29 
10:33:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/10/29 10:33:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/10/12 09:56:15 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012/10/12 09:56:15 | 000,001,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012/10/08 11:41:10 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/10/08 11:41:10 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/10/08 07:45:01 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/10/04 15:10:58 | 000,060,160 | ---- | C] () -- C:\Windows\System32\drivers\cfa9ec882a0a98d6.sys [2012/05/18 07:49:48 | 000,206,405 | ---- | C] () -- C:\Windows\hpoins49.dat [2012/05/18 07:49:48 | 000,001,241 | ---- | C] () -- C:\Windows\hpomdl49.dat [2012/04/25 11:11:36 | 000,043,520 | ---- | C] () -- C:\Windows\System32\drivers\usbaapl.sys [2011/10/06 12:45:18 | 000,205,845 | ---- | C] () -- C:\Windows\hpoins46.dat [2011/10/06 12:45:18 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat [2008/01/05 17:24:59 | 000,007,268 | ---- | C] () -- C:\Users\Travis\AppData\Local\d3d9caps.dat [2007/12/28 18:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Travis\AppData\Roaming\wklnhst.dat [2007/07/12 12:24:30 | 001,306,822 | ---- | C] () -- C:\Program Files\research.cdd ========== ZeroAccess Check ========== [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 07:57:06 | 011,315,712 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 23:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 04:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
  4. Done, see below. Thanks!

RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Safe mode with network support
User : Travis [Admin rights]
Mode : Scan -- Date : 11/06/2012 22:51:23

¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Travis\Desktop\Malwarebites' Anti-Malware\mbamext.dll -> UNLOADED
[sUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Travis\Desktop\Malwarebites' Anti-Malware\mbamext.dll -> UNLOADED

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][sUSP PATH] HKUS\S-1-5-21-2714218306-2716712880-2844936835-1001[...]\Run : SmileboxTray ("C:\Users\Jacqueline\AppData\Roaming\Smilebox\SmileboxTray.exe") -> FOUND
[RUN][sUSP PATH] HKLM\[...]\RunOnce : Malwarebytes Anti-Malware (C:\Users\Travis\Desktop\Malwarebites' Anti-Malware\mbamgui.exe /install /silent) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHX2250BT ATA Device +++++
--- User ---
[MBR] 5fda213a8146ffd7df142aa50ce8c7a4
[bSP] 2c60e3e08a4fa002faabe1a5a0bd19e2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 236974 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11062012_02d2251.txt >>
RKreport[1]_S_11062012_02d2251.txt
  5. I remember doing this last time. I just did it again and it says I do not have permissions to open this file. Contact admin to obtain permission.
  6. OTL Extras logfile created on: 11/6/2012 7:54:04 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Travis\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 75.46% Memory free 3.96 Gb Paging File | 3.67 Gb Available in Paging File | 92.71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 231.42 Gb Total Space | 146.80 Gb Free Space | 63.43% Space Free | Partition Type: NTFS Computer Name: TRAVIS-PC | User Name: Travis | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2714218306-2716712880-2844936835-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-2714218306-2716712880-2844936835-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg 
Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003B5184-F3DF-AF76-CB17-D35B7BB46B81}" = CCC Help Japanese "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) 
Version1.0 "{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music "{0F6932CF-E642-5A7A-8194-3F7443188287}" = CCC Help Turkish "{103A43D9-9ED8-E78D-7BF1-E536DFE6FC9F}" = Catalyst Control Center Localization Greek "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12887AF2-AE16-34CC-E85C-637DF6911C8C}" = Catalyst Control Center Localization Turkish "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{13614186-B0A0-AA21-F75A-2097F9167DB8}" = CCC Help Portuguese "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 
7 "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{177B615E-47B1-C1C4-6F3B-7D6FEB8D4564}" = CCC Help Thai "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{26210745-925C-8AE4-F3B9-5FA737A1F6F2}" = CCC Help Russian "{2768CDA5-57DA-59D4-884F-A0F8A5B36D3E}" = CCC Help Finnish "{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}" = HP ePrint Mobile "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{29DC966A-DA3E-3ED4-68E7-6D3D9A055B42}" = Catalyst Control Center Localization Korean "{2E7A9DDC-E062-0074-08AB-DE7D1B431F75}" = Catalyst Control Center Localization Chinese Traditional "{2FAE3800-CC47-C556-C57F-A91851BF7854}" = CCC Help French "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6 "{33824DAC-3F98-0BB6-56D5-7DE1A3CCC068}" = Catalyst Control Center Localization German "{3621A2DF-0870-FE7E-674F-1DBCB18C5D22}" = ccc-utility "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{3F11CE8A-388B-0D3A-DF6F-061F23A13D26}" = CCC Help Korean "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0 "{41DD15BE-811D-7DEF-19A9-30AF18F75EFF}" = Catalyst Control Center Localization Thai "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades "{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min "{4E484899-4F93-4086-88BA-56BDDF47A776}" = HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 
7 "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{52F368DE-06BD-E116-9233-D1DE207BDFE6}" = CCC Help Dutch "{53BABC75-1DC1-479B-224B-1EB9E18A799B}" = CCC Help German "{55C4B9E9-39C8-4BD6-9BCF-41BE40393A5F}" = D110 "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio "{56797214-1A4C-052E-1ECE-B00308BF3362}" = CCC Help Chinese Standard "{572D71E9-5102-74B3-5D22-DEDF911F7FE5}" = CCC Help Italian "{582BA1F1-FAB4-41AD-A5E3-4A9535343461}" = PS_AIO_07_C310_SW_Min "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status "{5BA0C9F0-3B01-91A3-6922-4DCF943D9CBE}" = CCC Help English "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{6080CE3C-2CB3-2FA3-1CE2-3350B06664BC}" = CCC Help Swedish "{611E35B8-7F46-DDBB-CC4F-FAAED6C054FF}" = Catalyst Control Center Localization Spanish "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{678F1F2D-F214-08D4-67FB-AC04316C4940}" = ccc-core-static "{6A0B868C-89BE-ACF1-8C0A-CC88878A9E46}" = Catalyst Control Center Localization Russian "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6C4734CF-A10C-DFF4-5565-457F33849862}" = Catalyst Control Center Localization Swedish "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6DECCD60-782D-7B14-22DE-FB8D6EA46433}" = CCC Help Polish "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{715044AC-B95E-4CD0-9B0C-CEDDB422F93B}" = CCC Help Czech "{724A8BEC-B350-1C76-C580-959AEA487108}" = Catalyst Control Center Localization Japanese 
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7994AA46-4BA6-4349-1606-1DF4148CE05B}" = CCC Help Hungarian "{7AFBAC39-F6A8-9F8D-6A6D-F134F7E34B6E}" = Catalyst Control Center Localization Danish "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{845D19A7-0BBF-12DF-87CF-F5D468930EA6}" = Catalyst Control Center Localization Czech "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content "{90BF970B-3335-CFD5-711C-9FE0310A97C0}" = CCC Help Greek "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business "{926593ED-3962-4630-7CE3-34FF1B4ACCF3}" = Catalyst Control Center Localization Finnish "{9EB0D4D4-87A5-52F5-C59C-159F81BED0E6}" = Catalyst Control Center Graphics Previews 
Vista "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A91383E9-0311-DB40-6AF6-3F9E80F83E84}" = Catalyst Control Center Localization Portuguese "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8 "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B1211E68-4DA2-7942-BE75-14272A8C1EA9}" = Catalyst Control Center Localization Dutch "{B1F8FA80-EFA5-EC12-AD36-F5266EF90B61}" = CCC Help Danish "{B4369E44-8703-E769-A711-40EE5000AC2C}" = Catalyst Control Center Core Implementation "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B7DE7B5E-4A2B-B709-E133-EC74C81E654A}" = Catalyst Control Center Graphics Full New "{B87A3B9F-7632-E053-2148-8EDD1A787B78}" = Catalyst Control Center Localization Chinese Standard "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration "{C7EA6173-A2B8-D45E-A0EE-74F8D2C58D30}" = Catalyst Control Center Localization Hungarian "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D1C3920F-1DC3-A2FA-BF5E-7497B5EF072E}" = Catalyst Control Center Localization Norwegian "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D95AAA04-9BEF-54B3-CD70-348AC1155DAB}" = Catalyst Control Center Graphics Full Existing "{D9C7C58C-AC51-EDBF-CF22-E4E1B93ED50D}" = Skins "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{DDC4619D-1DC8-C2A7-4968-45586F237131}" = CCC Help Norwegian "{E015B7D9-01AD-FE29-052A-489F4F29ED7F}" = Catalyst Control Center 
Graphics Light "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{E7511B20-2857-3F50-1B84-F0F32C519FE1}" = CCC Help Chinese Traditional "{EB5BE9DE-6025-6227-0C25-AE5C852EC479}" = Catalyst Control Center Localization Polish "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{EC28331A-FF2B-6D66-D8A0-32C706AEA120}" = CCC Help Spanish "{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F2B27034-6059-0549-F01A-4BD9865521B1}" = Catalyst Control Center Localization French "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FBE6B550-A93E-AA46-1DBB-421EC319E2DA}" = Catalyst Control Center Localization Italian "{FE651900-D014-482F-AEBC-2928F57D1FB0}" = C310 "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player "ATI Uninstaller" = ATI Uninstaller "Avira AntiVir Desktop" = Avira Free Antivirus "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "Desktop Dialer" = Desktop Dialer "Glary Utilities_is1" = Glary Utilities 2.33.0.1158 "Google Desktop" = Google Desktop "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Photo Creations" = HP Photo Creations "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support 
Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Internet Offers from Toshiba" = Internet Offers "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "oggcodecs" = oggcodecs 0.71.0946 "Picasa2" = Picasa 2 "Shop for HP Supplies" = Shop for HP Supplies "TOSHIBA Game Console" = TOSHIBA Game Console "TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console "TOSHIBA Software Modem" = TOSHIBA Software Modem "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WT022084" = Bejeweled 2 Deluxe "WT022085" = Blackhawk Striker 2 "WT022086" = Blasterball 3 "WT022087" = Diner Dash - Flo on the Go "WT022089" = FATE "WT022090" = Mah Jong Quest "WT022091" = Penguins! "WT022092" = Polar Bowler "WT022093" = Polar Golfer "Yahoo! Companion" = Yahoo! 
Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2714218306-2716712880-2844936835-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Smilebox" = Smilebox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10/29/2012 1:12:32 PM | Computer Name = Travis-PC | Source = EventSystem | ID = 4609 Description = Error - 10/29/2012 1:27:35 PM | Computer Name = Travis-PC | Source = EventSystem | ID = 4609 Description = Error - 10/29/2012 1:30:59 PM | Computer Name = Travis-PC | Source = EventSystem | ID = 4609 Description = Error - 10/29/2012 3:08:28 PM | Computer Name = Travis-PC | Source = EventSystem | ID = 4609 Description = Error - 10/29/2012 3:55:56 PM | Computer Name = Travis-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584 Description = Error - 10/29/2012 4:09:23 PM | Computer Name = Travis-PC | Source = EventSystem | ID = 4609 Description = Error - 10/29/2012 4:11:19 PM | Computer Name = Travis-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584 Description = Error - 10/29/2012 4:59:23 PM | Computer Name = Travis-PC | Source = EventSystem | ID = 4609 Description = Error - 11/6/2012 7:19:02 PM | Computer Name = Travis-PC | Source = EventSystem | ID = 4609 Description = Error - 11/6/2012 7:19:32 PM | Computer Name = Travis-PC | Source = EventSystem | ID = 4609 Description = [ System Events ] Error - 11/6/2012 7:18:48 PM | Computer Name = Travis-PC | Source = Service Control Manager | ID = 7022 Description = Error - 11/6/2012 7:18:49 PM | Computer Name = Travis-PC | Source = DCOM | ID = 10005 Description = Error - 11/6/2012 7:18:49 PM | Computer Name = Travis-PC | Source = DCOM | ID = 10005 Description = Error - 11/6/2012 7:18:49 PM | Computer Name = Travis-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11/6/2012 7:19:01 PM | Computer Name = Travis-PC | Source = DCOM | ID = 10005 Description = Error - 11/6/2012 7:19:02 PM | Computer Name = Travis-PC | Source = Service Control 
Manager | ID = 7023 Description = Error - 11/6/2012 7:19:04 PM | Computer Name = Travis-PC | Source = DCOM | ID = 10005 Description = Error - 11/6/2012 7:19:06 PM | Computer Name = Travis-PC | Source = DCOM | ID = 10005 Description = Error - 11/6/2012 7:19:32 PM | Computer Name = Travis-PC | Source = DCOM | ID = 10005 Description = Error - 11/6/2012 7:19:32 PM | Computer Name = Travis-PC | Source = DCOM | ID = 10005 Description = < End of report >
  7. OTL logfile created on: 11/6/2012 7:54:04 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Travis\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 75.46% Memory free 3.96 Gb Paging File | 3.67 Gb Available in Paging File | 92.71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 231.42 Gb Total Space | 146.80 Gb Free Space | 63.43% Space Free | Partition Type: NTFS Computer Name: TRAVIS-PC | User Name: Travis | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Travis\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (cfa9ec882a0a98d6) -- C:\Windows\System32\drivers\cfa9ec882a0a98d6.sys () SRV - (MBAMService) -- C:\Users\Travis\Desktop\Malwarebites' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Users\Travis\Desktop\Malwarebites' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo) SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe () SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe () SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) 
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) ========== Driver Services (SafeList) ========== DRV - (WPN111) -- system32\DRIVERS\WPN111v.sys File not found DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found DRV - (Tosrfcom) -- File not found DRV - (spubrx) -- System32\drivers\gelnu.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (CFcatchme) -- C:\Users\Travis\AppData\Local\Temp\CFcatchme.sys File not found DRV - (catchme) -- C:\ComboFix\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (cfa9ec882a0a98d6) -- C:\Windows\System32\drivers\cfa9ec882a0a98d6.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. 
KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Tcpip6) -- C:\Windows\System32\drivers\tcpip.sys () DRV - (Tcpip) -- C:\Windows\System32\drivers\tcpip.sys () DRV - (tunnel) -- C:\Windows\System32\drivers\tunnel.sys () DRV - (tunmp) -- C:\Windows\System32\drivers\TUNMP.SYS () DRV - (srv) -- C:\Windows\System32\drivers\srv.sys () DRV - (srvnet) -- C:\Windows\System32\drivers\srvnet.sys () DRV - (srv2) -- C:\Windows\System32\drivers\srv2.sys () DRV - (Wdf01000) -- C:\Windows\System32\drivers\Wdf01000.sys () DRV - (sermouse) -- C:\Windows\System32\drivers\sermouse.sys () DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (usbhub) -- C:\Windows\System32\drivers\usbhub.sys () DRV - (usbccgp) -- C:\Windows\System32\drivers\usbccgp.sys () DRV - (usbehci) -- C:\Windows\System32\drivers\usbehci.sys () DRV - (usbohci) -- C:\Windows\System32\drivers\usbohci.sys () DRV - (sdbus) -- C:\Windows\System32\drivers\sdbus.sys () DRV - (sffdisk) -- C:\Windows\System32\drivers\sffdisk.sys () DRV - (sffp_sd) -- C:\Windows\System32\drivers\sffp_sd.sys () DRV - (NDIS) -- C:\Windows\System32\drivers\ndis.sys () DRV - (Rasl2tp) -- C:\Windows\System32\drivers\rasl2tp.sys () DRV - (PptpMiniport) -- C:\Windows\System32\drivers\raspptp.sys () DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys () DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS () DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys () DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (DNISp50) -- C:\Windows\System32\drivers\DNISP50.sys (Printing Communications Assoc., Inc. 
(PCAUSA))
DRV - (DNIMp50) -- C:\Windows\System32\drivers\DNIMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (NativeWifiP) -- C:\Windows\System32\drivers\nwifi.sys ()
DRV - (QWAVEdrv) -- C:\Windows\System32\drivers\qwavedrv.sys ()
DRV - (Ntfs) -- C:\Windows\System32\drivers\ntfs.sys ()
DRV - (volmgrx) -- C:\Windows\System32\drivers\volmgrx.sys ()
DRV - (volsnap) -- C:\Windows\System32\drivers\volsnap.sys ()
DRV - (pcmcia) -- C:\Windows\System32\drivers\pcmcia.sys ()
DRV - (pci) -- C:\Windows\System32\drivers\pci.sys ()
DRV - (nv_agp) -- C:\Windows\System32\drivers\NV_AGP.SYS ()
DRV - (TermDD) -- C:\Windows\System32\drivers\termdd.sys ()
DRV - (volmgr) -- C:\Windows\System32\drivers\volmgr.sys ()
DRV - (Mup) -- C:\Windows\System32\drivers\mup.sys ()
DRV - (partmgr) -- C:\Windows\System32\drivers\partmgr.sys ()
DRV - (sbp2port) -- C:\Windows\System32\drivers\sbp2port.sys ()
DRV - (uliagpkx) -- C:\Windows\System32\drivers\ULIAGPKX.SYS ()
DRV - (uagp35) -- C:\Windows\System32\drivers\UAGP35.SYS ()
DRV - (viaagp) -- C:\Windows\System32\drivers\VIAAGP.SYS ()
DRV - (Wd) -- C:\Windows\System32\drivers\wd.sys ()
DRV - (spldr) -- C:\Windows\System32\drivers\spldr.sys ()
DRV - (pciide) -- C:\Windows\System32\drivers\pciide.sys ()
DRV - (swenum) -- C:\Windows\System32\drivers\swenum.sys ()
DRV - (usbprint) -- C:\Windows\System32\drivers\usbprint.sys ()
DRV - (StillCam) -- C:\Windows\System32\drivers\serscan.sys ()
DRV - (usbscan) -- C:\Windows\System32\drivers\usbscan.sys ()
DRV - (PEAUTH) -- C:\Windows\System32\drivers\PEAuth.sys ()
DRV - (WpdUsb) -- C:\Windows\System32\drivers\WpdUsb.sys ()
DRV - (rdpdr) -- C:\Windows\System32\drivers\rdpdr.sys ()
DRV - (RDPWD) -- C:\Windows\System32\drivers\rdpwd.sys ()
DRV - (tssecsrv) -- C:\Windows\System32\drivers\tssecsrv.sys ()
DRV - (TDTCP) -- C:\Windows\System32\drivers\tdtcp.sys ()
DRV - (TDPIPE) -- C:\Windows\System32\drivers\tdpipe.sys ()
DRV - (RDPENCDD) -- C:\Windows\System32\drivers\RDPENCDD.sys ()
DRV - (RDPCDD) -- C:\Windows\System32\drivers\RDPCDD.sys ()
DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys ()
DRV - (NdisWan) -- C:\Windows\System32\drivers\ndiswan.sys ()
DRV - (Wanarpv6) -- C:\Windows\System32\drivers\wanarp.sys ()
DRV - (Wanarp) -- C:\Windows\System32\drivers\wanarp.sys ()
DRV - (RasAcd) -- C:\Windows\System32\drivers\rasacd.sys ()
DRV - (RasPppoe) -- C:\Windows\System32\drivers\raspppoe.sys ()
DRV - (NDProxy) -- C:\Windows\System32\drivers\ndproxy.sys ()
DRV - (NdisTapi) -- C:\Windows\System32\drivers\ndistapi.sys ()
DRV - (tcpipreg) -- C:\Windows\System32\drivers\tcpipreg.sys ()
DRV - (tdx) -- C:\Windows\System32\drivers\tdx.sys ()
DRV - (PSched) -- C:\Windows\System32\drivers\pacer.sys ()
DRV - (nsiproxy) -- C:\Windows\System32\drivers\nsiproxy.sys ()
DRV - (NetBIOS) -- C:\Windows\System32\drivers\netbios.sys ()
DRV - (Ndisuio) -- C:\Windows\System32\drivers\ndisuio.sys ()
DRV - (netbt) -- C:\Windows\System32\drivers\netbt.sys ()
DRV - (Smb) -- C:\Windows\System32\drivers\smb.sys ()
DRV - (rspndr) -- C:\Windows\System32\drivers\rspndr.sys ()
DRV - (umbus) -- C:\Windows\System32\drivers\umbus.sys ()
DRV - (usbvideo) -- C:\Windows\System32\drivers\usbvideo.sys ()
DRV - (ohci1394) -- C:\Windows\System32\drivers\ohci1394.sys ()
DRV - (usbcir) -- C:\Windows\System32\drivers\usbcir.sys ()
DRV - (USBSTOR) -- C:\Windows\System32\drivers\USBSTOR.SYS ()
DRV - (usbuhci) -- C:\Windows\System32\drivers\usbuhci.sys ()
DRV - (WUDFRd) -- C:\Windows\System32\drivers\WUDFRd.sys ()
DRV - (vga) -- C:\Windows\System32\drivers\vgapnp.sys ()
DRV - (VgaSave) -- C:\Windows\System32\drivers\vga.sys ()
DRV - (WacomPen) -- C:\Windows\System32\drivers\wacompen.sys ()
DRV - (sfloppy) -- C:\Windows\System32\drivers\sfloppy.sys ()
DRV - (sffp_mmc) -- C:\Windows\System32\drivers\sffp_mmc.sys ()
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys ()
DRV - (Parport) -- C:\Windows\System32\drivers\parport.sys ()
DRV - (Serenum) -- C:\Windows\System32\drivers\serenum.sys ()
DRV - (Parvdm) -- C:\Windows\System32\drivers\parvdm.sys ()
DRV - (MSTEE) -- C:\Windows\System32\drivers\mstee.sys ()
DRV - (Null) -- C:\Windows\System32\drivers\null.sys ()
DRV - (WmiAcpi) -- C:\Windows\System32\drivers\wmiacpi.sys ()
DRV - (rdbss) -- C:\Windows\System32\drivers\rdbss.sys ()
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys ()
DRV - (Npfs) -- C:\Windows\System32\drivers\npfs.sys ()
DRV - (ViaC7) -- C:\Windows\System32\drivers\viac7.sys ()
DRV - (Processor) -- C:\Windows\System32\drivers\processr.sys ()
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys ()
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS ()
DRV - (KR3NPXP) -- C:\Windows\System32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {DF4BB4D7-B671-420B-9EF1-DA690996CC9B}
IE - HKLM\..\SearchScopes\{DF4BB4D7-B671-420B-9EF1-DA690996CC9B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1000\..\SearchScopes\{DF4BB4D7-B671-420B-9EF1-DA690996CC9B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_en
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mls.momls.com/ [binary data]
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WiHome
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001\..\SearchScopes,DefaultScope = {DF4BB4D7-B671-420B-9EF1-DA690996CC9B}
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001\..\SearchScopes\{DF4BB4D7-B671-420B-9EF1-DA690996CC9B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_en
IE - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2012/10/29 16:44:07 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Users\Travis\Desktop\TVUPlayer\npTVUAx.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/06 12:57:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/29 07:09:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/29 07:09:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/06 12:57:41 | 000,000,000 | ---D | M]

[2009/04/10 21:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Travis\AppData\Roaming\Mozilla\Extensions
[2012/10/28 19:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\i8lwgax1.default\extensions
[2012/10/08 11:13:04 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\i8lwgax1.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/10/08 11:14:40 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\i8lwgax1.default\extensions\toolbar@ask.com
[2012/10/08 14:31:45 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\i8lwgax1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/02/18 18:13:21 | 000,002,270 | ---- | M] () -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\i8lwgax1.default\searchplugins\SearchTheWeb.xml
[2012/10/29 07:09:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/29 07:09:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/29 07:09:09 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com
[2012/10/29 07:09:27 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/10/07 19:13:38 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/28 14:18:04 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012/10/20 15:21:32 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/09 12:38:09 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001..\Run: [smileboxTray] C:\Users\Jacqueline\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Users\Travis\Desktop\Malwarebites' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [OTM] C:\Users\Travis\Downloads\OTM(1).exe (OldTimer Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2714218306-2716712880-2844936835-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2714218306-2716712880-2844936835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2714218306-2716712880-2844936835-1000\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKU\S-1-5-21-2714218306-2716712880-2844936835-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-2714218306-2716712880-2844936835-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AB2B725-E653-4CE8-8901-25D3A80E2B40}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE3F9AD2-278E-4433-A8E1-5877D8C48DD5}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/11/06 19:51:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Travis\Desktop\OTL.exe
[2012/10/29 16:44:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/29 16:44:07 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\temp
[2012/10/29 16:39:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/29 13:54:06 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/10/29 12:28:08 | 000,000,000 | ---D | C] -- C:\Users\Travis\Desktop\Malware
[2012/10/29 10:33:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/29 10:33:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/29 10:33:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2012/10/29 10:33:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/29 10:33:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/29 10:31:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/29 07:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/28 18:36:56 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Roaming\Malwarebytes
[2012/10/28 18:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/28 18:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebites' Anti-Malware
[2012/10/28 18:36:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/28 18:36:30 | 000,000,000 | ---D | C] -- C:\Users\Travis\Desktop\Malwarebites' Anti-Malware
[2012/10/15 18:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/10/12 09:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/10/12 09:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/10/08 11:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/10/08 11:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/10/08 07:51:28 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Roaming\Avira
[2012/10/08 07:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/10/08 07:43:43 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/10/08 07:43:23 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/10/08 07:43:22 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012/10/08 07:43:22 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/10/08 07:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/10/08 07:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/10/07 21:31:41 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Local\Avg2013

========== Files - Modified Within 30 Days ==========

[2012/11/06 19:51:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Travis\Desktop\OTL.exe
[2012/11/06 18:21:10 | 000,617,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/06 18:21:10 | 000,103,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/06 18:16:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/06 18:08:58 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/06 18:08:57 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/03 08:17:39 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/11/02 21:04:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{941602F2-06FF-41EB-9E8F-47B31ACA879A}.job
[2012/10/20 10:23:24 | 000,405,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/15 18:15:05 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/10/15 18:15:05 | 000,001,958 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/10/08 11:41:10 | 000,000,881 | ---- | M] () -- C:\Users\Travis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/08 11:41:10 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/08 07:45:01 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

========== Files Created - No Company Name ==========

[2012/10/29 10:33:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/29 10:33:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/29 10:33:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/29 10:33:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/29 10:33:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/12 09:56:15 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/10/12 09:56:15 | 000,001,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/10/08 11:41:10 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/08 11:41:10 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/08 07:45:01 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/10/04 15:10:58 | 000,060,160 | ---- | C] () -- C:\Windows\System32\drivers\cfa9ec882a0a98d6.sys
[2012/05/18 07:49:48 | 000,206,405 | ---- | C] () -- C:\Windows\hpoins49.dat
[2012/05/18 07:49:48 | 000,001,241 | ---- | C] () -- C:\Windows\hpomdl49.dat
[2012/04/25 11:11:36 | 000,043,520 | ---- | C] () -- C:\Windows\System32\drivers\usbaapl.sys
[2011/10/06 12:45:18 | 000,205,845 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/10/06 12:45:18 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2008/02/13 18:32:40 | 000,005,632 | ---- | C] () -- C:\Users\Travis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/05 17:24:59 | 000,007,268 | ---- | C] () -- C:\Users\Travis\AppData\Local\d3d9caps.dat
[2007/12/28 18:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Travis\AppData\Roaming\wklnhst.dat
[2007/07/12 12:24:30 | 001,306,822 | ---- | C] () -- C:\Program Files\research.cdd

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 07:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 23:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 04:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/05/25 09:27:17 | 000,000,000 | ---D | M] -- C:\Users\Jacqueline\AppData\Roaming\Memeo
[2012/05/25 09:27:04 | 000,000,000 | ---D | M] -- C:\Users\Jacqueline\AppData\Roaming\Seagate
[2012/08/10 10:30:35 | 000,000,000 | ---D | M] -- C:\Users\Jacqueline\AppData\Roaming\Smilebox
[2012/11/02 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\Jacqueline\AppData\Roaming\TOSHIBA
[2012/02/19 13:55:09 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\Audacity
[2008/09/01 11:39:29 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\CVS
[2012/02/18 18:08:43 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\Genieo
[2011/05/14 19:34:55 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\GlarySoft
[2012/05/17 20:13:15 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\Leadertech
[2012/05/17 20:19:01 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\Memeo
[2011/07/08 17:36:59 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\MyPublisher
[2012/05/17 20:18:38 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\Seagate
[2007/12/28 18:32:49 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\Template
[2010/10/09 14:52:21 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\TOSHIBA
[2012/10/07 19:15:28 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\TuneUp Software
[2010/01/27 20:08:32 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\Ulead Systems
[2007/12/16 20:13:31 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\erdnt\cache\explorer.exe
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\erdnt\cache\svchost.exe
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Users\Travis\Desktop\Malwarebites' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\erdnt\cache\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Users\Travis\Desktop\Malwarebites' Anti-Malware\Chameleon\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\erdnt\cache\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< >
[2006/11/02 08:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 08:01:49 | 000,032,612 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008/02/09 20:56:47 | 000,000,420 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{941602F2-06FF-41EB-9E8F-47B31ACA879A}.job
[2011/05/14 19:26:26 | 000,000,314 | ---- | C] () -- C:\Windows\Tasks\GlaryInitialize.job

< End of report >
  8. Jeff, Below please find my most recent logs: ComboFix 12-10-29.05 - Travis 10/29/2012 17:16:44.1.2 - x86 NETWORK