Jump to content

sputnik_cheese

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Excellent job! Thanks a lot, MrC.

  2. It took me a while to verify the new Java install, because I hadn't enabled enhanced protection in IE 10 and I'd downloaded the 64-bit Java version. (This was probably because even though I have a 64-bit OS, at one time there was something about the 64-bit flavor of that version of IE -- I think it was 8 -- that was buggy, or annoyed me, so I made the 32-bit IE my default.) Once I enabled enhanced protection and re-booted, the Java verification ran just fine, but IE yelped about add-on toolbars (like Norton Secure Search) being incompatible with enhanced protected mode and they've disappeared from my browser. Also, when I asked Adobe Reader X to check for updates, it reported my version was up-to-date. (I'm definitely going to look into FoxIt Reader.) Other than that, I've followed your cleanup instructions and everything looks great! One thing, though: when I ran the ComboFix uninstall -- and yes, I typed it in as "combofix /uninstall" with a space and without the quotes -- it popped up a confirm dialog which was worded in such a way as to make the user think they were confirming an *install* of CF. Since I knew I'd typed the command in correctly, I went ahead and clicked "OK" and it uninstalled, but that might cause some confusion for a more nervous user.
  3. Contents of AdwCleaner Delete: # AdwCleaner v2.302 - Logfile created 06/07/2013 at 19:31:27 # Updated 06/06/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Hank - HANK-PC # Boot Mode : Normal # Running from : C:\Users\Hank\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\ProgramData\Partner ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\Software\InstallIQ Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKLM\SOFTWARE\Software Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16576 [OK] Registry is clean. -\\ Google Chrome v27.0.1453.110 File : C:\Users\Hank\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [2746 octets] - [07/06/2013 18:59:22] AdwCleaner[s1].txt - [2723 octets] - [07/06/2013 19:31:27] ########## EOF - C:\AdwCleaner[s1].txt - [2783 octets] ########## --- And here's the Security Check log: Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 17 Java version out of Date! Adobe Reader 10.1.7 Adobe Reader out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.94 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  4. System Restore worked. IE and Windows Explorer working fine. Thanks!
  5. Will do. Any precautions before I let System Restore do its magic?
  6. For some reason, when using Google Chrome I don't see an attach button, but here's the text of the file: 2013-06-07 22:00:38 . 2013-06-07 22:00:38 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-00TCrdMain.reg.dat 2013-06-07 22:00:38 . 2013-06-07 22:00:38 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-HSON.reg.dat 2013-06-07 22:00:37 . 2013-06-07 22:00:37 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SmartFaceVWatcher.reg.dat 2013-06-07 22:00:37 . 2013-06-07 22:00:37 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SmoothView.reg.dat 2013-06-07 22:00:37 . 2013-06-07 22:00:37 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat 2013-06-07 22:00:37 . 2013-06-07 22:00:37 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Teco.reg.dat 2013-06-07 22:00:37 . 2013-06-07 22:00:37 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TosNC.reg.dat 2013-06-07 22:00:37 . 2013-06-07 22:00:37 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TosReelTimeMonitor.reg.dat 2013-06-07 22:00:37 . 2013-06-07 22:00:37 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TosWaitSrv.reg.dat 2013-06-07 22:00:37 . 2013-06-07 22:00:37 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TPwrMain.reg.dat 2013-06-07 22:00:36 . 2013-06-07 22:00:36 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat 2013-06-07 22:00:33 . 2013-06-07 22:00:33 377 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat 2013-06-07 22:00:28 . 2013-06-07 22:00:28 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-22243809.sys.reg.dat 2013-06-07 22:00:15 . 2013-06-07 22:00:15 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat 2013-06-07 21:55:30 . 2013-06-07 21:55:30 12,381 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2013-06-07 21:45:23 . 2013-06-07 21:45:23 51 ----a-w- C:\Qoobox\Quarantine\catchme.log 2013-06-06 16:51:08 . 2013-06-06 16:51:08 0 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\AEBF.tmp.vir
  7. I've run ComboFix as instructed. It seems to have cleared up the problem (though I haven't tested things thoroughly yet) but it messed up something about Internet Explorer. IE launches, and looks ok (my default is the blank page) but it won't connect to anything, either via the Favorites menu or directly entering an address in the box. Fortunately I've got Google Chrome, which is functioning. Here's the ComboFix log: ComboFix 13-06-07.03 - Hank 06/07/2013 16:49:11.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2229 [GMT -5:00] Running from: c:\users\Hank\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\DRM\AEBF.tmp . . ((((((((((((((((((((((((( Files Created from 2013-05-07 to 2013-06-07 ))))))))))))))))))))))))))))))) . . 2013-06-07 21:58 . 2013-06-07 21:58 -------- d-----w- c:\users\Dev\AppData\Local\temp 2013-06-07 21:58 . 2013-06-07 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-06 18:43 . 2013-06-06 18:43 -------- d-----w- c:\users\Hank\AppData\Roaming\Malwarebytes 2013-06-06 18:43 . 2013-06-06 18:43 -------- d-----w- c:\programdata\Malwarebytes 2013-06-06 18:43 . 2013-06-06 18:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-06-06 18:43 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-06 18:42 . 2013-06-06 18:42 -------- d-----w- c:\users\Hank\AppData\Local\Programs 2013-05-21 22:58 . 2013-05-21 22:58 -------- d-----w- c:\users\Hank\AppData\Roaming\QuickScan 2013-05-21 22:58 . 2013-05-21 23:21 -------- d-----w- c:\users\Hank\AppData\Roaming\OpswatLogs 2013-05-21 22:49 . 2013-05-21 22:58 -------- d-----w- c:\program files (x86)\ctrlcenter PC CHECKUP AND TUNE-UP 2013-05-21 22:49 . 2013-05-21 22:49 -------- d-----w- c:\program files (x86)\Common Files\supportsoft . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 17:10 . 2012-09-21 17:28 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-15 01:50 . 2012-04-25 04:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 01:50 . 2012-04-25 04:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-13 05:49 . 2013-05-15 16:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 16:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 16:17 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 16:17 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 16:17 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 16:17 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-23 18:22 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-19 06:04 . 2013-04-10 16:46 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 16:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 16:46 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 16:46 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 16:46 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 16:46 112640 ----a-w- c:\windows\system32\smss.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-24 39408] "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304] "Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648] "NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . c:\users\Hank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ctrlcenter PC CHECKUP AND TUNE-UP] @="ctrlcenter PC CHECKUP AND TUNE-UP" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 DIRECTIO;DIRECTIO;d:\directio.sys;d:\DirectIo.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 ctrlcenter PC CHECKUP AND TUNE-UP;ctrlcenter PC CHECKUP AND TUNE-UP;c:\program files (x86)\ctrlcenter PC CHECKUP AND TUNE-UP\esService.exe;c:\program files (x86)\ctrlcenter PC CHECKUP AND TUNE-UP\esService.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130606.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130606.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1403010.016\SYMNETS.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [x] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [x] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] . . Contents of the 'Scheduled Tasks' folder . 2013-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 01:50] . 2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 02:27] . 2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 02:27] . 2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3953530230-2219166816-3218853662-1001Core.job - c:\users\Hank\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 05:46] . 2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3953530230-2219166816-3218853662-1001UA.job - c:\users\Hank\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 05:46] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) SafeBoot-22243809.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*SG^;œÅ(] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*S>_,`¡] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff "1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*SÐ_¶pÅ] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*SÐ_6pÅ] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff "1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*SÑ_žuÚw] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:05,00,00,00,04,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,00, 00,00,00,ff,ff,ff,ff "1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "2"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "3"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "4"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "5"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*SÑ_wÚw] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*S}`²Ç¦§] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff "1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*S}`2ʦ§] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*SÇaÇ]Œ²] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:04,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,00,00,00,00,ff, ff,ff,ff "1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "2"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "3"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "4"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*S¿buŸÎÇ] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff "1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*StdpAñ] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:05,00,00,00,04,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,00, 00,00,00,ff,ff,ff,ff "1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "2"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "3"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "4"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "5"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*.WbŽÅ½Ã] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*.Wc=¦ãå] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:06,00,00,00,05,00,00,00,04,00,00,00,03,00,00,00,02,00,00,00,01, 00,00,00,00,00,00,00,ff,ff,ff,ff "1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "2"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "3"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "4"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "5"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "6"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*.Wc½©ãå] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:02,00,00,00,01,00,00,00,00,00,00,00,ff,ff,ff,ff "1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "2"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*.W"e‚°a•] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*.WKeÉWSÚ] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff "1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*.Wúf(ý.!] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*.Wúf¨ÿ.!] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*.W0gÔ˜\“] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*.W'hQ¿Ôº] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:02,00,00,00,01,00,00,00,00,00,00,00,ff,ff,ff,ff "1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "2"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*`^š\¸5aX] "0"=hex:74,00,31,00,00,00,00,00,00,00,00,00,10,00,47,72,65,65,74,69,6e,67,20, 43,61,72,64,20,53,65,74,73,00,00,52,00,08,00,04,00,ef,be,00,00,00,00,00,00,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_USERS\S-1-5-21-3953530230-2219166816-3218853662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*`^É^š¹2@] "0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00, 00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-07 17:01:50 ComboFix-quarantined-files.txt 2013-06-07 22:01 . Pre-Run: 333,923,758,080 bytes free Post-Run: 333,411,438,592 bytes free . - - End Of File - - ED38370CC99C8F1A85A09BEE470C385C
  8. I downloaded and ran TDSSKiller as per instructions. It didn't find anything. Note that Safe mode is not usable for me: I can boot to it, but the icons and taskbar will not respond. Had to use the three-finger salute to get out of it. I'll wait and see what MrCharlie has to say, but bwarecs' solution sounds promising. Thanks for passing that along.
  9. Thanks for the quick reply. Stupid me: I meant "Windows Explorer", not IE. (It's been a long day.) I downloaded RogueKillerx64, since I've got 64-bit Win 7. But the problem with Explorer prevents me from right-clicking/Run as Administrator. I tried double-clicking instead, and after telling UAC it's ok to run it, RogueKiller comes up and starts scanning. It then quickly hangs on rundll32.exe. I've noticed when looking at processes in Task Manager that I have two rundll32 processes, and the second one has no description. Whatever's infected my laptop is also frequently trying to hit some site which (fortunately) MBAM is blocking.
  10. This morning, my Toshiba L675 laptop suddenly shut down and re-booted. When it came back up, Norton Internet Security said it had successfully detected and removed boot.pihar malware. But whenever I start up, the Windows taskbar is apparently "busy" with something, because when I move the cursor over it, the cursor changes to the hourglass symbol. I left-click on the taskbar, and get a message that IE is not responding. I cancel the program, the screen flickers and redraws the icons. From that point on, IE will run, but every time I right-click on a file in IE I get this error: "There was a problem starting [filepath]\AppData\Local\Temp\sbndgtxl\stmeexr\wow.dll - A [dll] installation routine failed". I tried downloading and running Malwarebytes. It detected "Backdoor.bot". I selected and quarantined it, but still having the same problem with IE. This seems to be connected with a program called "White Trader", which has an icon on my desktop, and if I delete that icon, it re-appears on the next system startup. It also pops up a notification on the right-hand side of the taskbar (I never can remember what that section's called) telling me I haven't used the program "White Trader" in a while. I have attached the required files from running dds. attach.txt dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.