#1 digmeout (New Member), September 3rd, 2011, 01:48 AM
Malware bites. Am I clean now?

Last night my computer was infected with that Security Protection trojan, which prevented me from opening any browsers and .exe files. I rebooted in Safe Mode and ran a Malwarebytes full scan, where I removed the following:

Trojan.fakeAV file
Trojan.fakeAV registry value

I rebooted again normally and seemed to be in the clear (could open browser, etc.) but ran a Malwarebytes quick scan to be sure. It found two Rogue.Security files which I then removed.

Everything's been fine since then and a full scan now turns up nothing, but I just want to make sure.

I'd appreciate your assistance. Thanks in advance.

(FYI, I did the aswMBR scan so far but am waiting on posting anything since I saw someone say that when people post a log in a new thread, it's assumed they've received a reply from someone here)

Last edited by digmeout; September 3rd, 2011 at 03:20 AM.

#2 Mosaic1 (Malware Removal Team Advisor), September 4th, 2011, 08:35 PM
Hi digmeout,

Welcome to Cybertech.

Please do post the ASWmbr.txt file.


I'd also like to see the logs Malwarebytes created.

If you run Malwarebytes, then click the Logs tab, you'll see a list of logs and the date and time they were created. Please post the pertinent logs.

#3 digmeout (New Member), September 5th, 2011, 03:55 AM
Hi Mosaic1. Thanks for replying. Here is the ASWmbr.txt:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 19:52:14
-----------------------------
19:52:14.560 OS Version: Windows 6.0.6002 Service Pack 2
19:52:14.561 Number of processors: 2 586 0xF0D
19:52:14.563 ComputerName: TOSHIBA-BMH UserName: Brianna
19:52:31.889 Initialize success
19:52:32.753 AVAST engine defs: 11090201
19:52:48.380 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:52:48.385 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
19:52:48.406 Disk 0 MBR read successfully
19:52:48.410 Disk 0 MBR scan
19:52:48.416 Disk 0 Windows VISTA default MBR code
19:52:48.426 Disk 0 scanning sectors +488396800
19:52:48.525 Disk 0 scanning C:\Windows\system32\drivers
19:52:56.942 Service scanning
19:52:58.536 Modules scanning
19:53:03.312 Disk 0 trace - called modules:
19:53:03.335 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:53:03.341 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a26ac8]
19:53:03.347 3 CLASSPNP.SYS[87d808b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8459b028]
19:53:04.731 AVAST engine scan C:\Windows
19:53:08.145 AVAST engine scan C:\Windows\system32
19:54:36.299 AVAST engine scan C:\Windows\system32\drivers
19:54:46.751 AVAST engine scan C:\Users\Brianna
20:00:16.214 AVAST engine scan C:\ProgramData
20:01:44.637 Scan finished successfully
20:04:00.676 Disk 0 MBR has been saved successfully to "C:\Users\Brianna\Documents\MBR.dat"
20:04:00.686 The log file has been saved successfully to "C:\Users\Brianna\Documents\aswMBR.txt"

Here is the log for the full scan:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6889

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19120

9/2/2011 12:36:25 AM
mbam-log-2011-09-02 (00-36-25).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 295477
Time elapsed: 42 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Protection (Trojan.FakeAlert) -> Value: Security Protection -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Brianna\AppData\Roaming\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

And the quick scan:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7634

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

9/2/2011 12:50:39 AM
mbam-log-2011-09-02 (00-50-39).txt

Scan type: Quick scan
Objects scanned: 167869
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Brianna\AppData\Local\Temp\6604.tmp (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
c:\Users\Brianna\AppData\Local\Temp\8A27.tmp (Rogue.SecurityProtection) -> Quarantined and deleted successfully.


I said before that it found something called Trojan.FakeAV. Obviously I read that wrong and it said FakeAl for FakeAlert. Still having no problems, but to be sure...

#4 Mosaic1 (Malware Removal Team Advisor), September 5th, 2011, 06:48 AM
You're welcome, digmeout.

It looks good. But to get a better picture of your system, let's run a diagnostic scan.

Click this link to download OldTimer's OTL to your desktop.
http://oldtimer.geekstogo.com/OTL.exe

Next, click OTL.exe to open the scan display. (Vista and Windows 7 users: right-click on OTL.exe and click Run As Administrator.) At the top, check "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Please post the contents of those back here.

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

#5 digmeout (New Member), September 6th, 2011, 05:12 AM
OTL Extras logfile created on: 9/5/2011 2:28:02 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Brianna\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 42.14% Memory free
3.98 Gb Paging File | 2.38 Gb Available in Paging File | 59.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 125.27 Gb Free Space | 55.88% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-BMH | User Name: Brianna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Users\Brianna\AppData\Local\Aptana Studio 1.5\AptanaStudio.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Users\Brianna\AppData\Local\Aptana Studio 1.5\AptanaStudio.exe" "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B89AB3DE-162D-4C9C-B4C8-F0776A3187D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E0956AF-4AE5-4D20-BBE7-9B6FC9317AA4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5E284AED-FB1F-4E09-BA92-8ADE41530327}" = protocol=6 | dir=in | app=c:\program files\hp\hp color laserjet cm1312 mfp series\hppfsu_cm1312.exe |
"{78F0B91F-087C-4B72-9B16-B5AA965EB3BE}" = protocol=17 | dir=in | app=c:\program files\mypoints toolbar 2.0\toolbarupdate.exe |
"{83F0BCE1-AA59-45F7-B009-374AF4DED3F7}" = protocol=17 | dir=in | app=c:\program files\hp\hp color laserjet cm1312 mfp series\hppfsu_cm1312.exe |
"{8C646D7D-B439-4AED-9195-0159DDBD2953}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8F06C786-8968-48C7-88AE-B608941CD4ED}" = protocol=6 | dir=in | app=c:\program files\mypoints toolbar 2.0\toolbarupdate.exe |
"{99F91544-B42C-4BB5-9003-33E485CA83F8}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{B41F4BA9-9B26-4C51-9220-40605D550F03}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B57455FA-BD8B-4E0C-85C9-EB1EDF132DAA}" = protocol=6 | dir=in | app=c:\program files\mypoints toolbar 2.0\troubleshooter.exe |
"{CDB17CA6-C0C8-4D8A-ABA3-852E0B97D248}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D5D9E95A-3850-4778-B1FA-9CCAA80407CA}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D8F9B5A3-F57D-4D71-BB6B-BAF632D7DFA0}" = protocol=17 | dir=in | app=c:\program files\mypoints toolbar 2.0\troubleshooter.exe |
"{E16DD82A-3D8F-4BBE-AEF6-B0844A85B078}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F6333C7B-CCF6-44EA-B827-7277882CC8D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F6853962-F42A-4D52-85CF-22211C941433}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FDE3A968-F0A3-4598-AB91-59E38E886F50}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FEFEB421-6B16-48B1-92CC-E3B51E9E202A}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{06D9D7A7-39F8-4926-965F-70FBD1227987}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{07EC7D2F-A253-4F8F-8B2D-7F5224B70834}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{47D49C60-3FB6-40A1-87F2-338421F24C41}C:\users\brianna\appdata\local\aptana studio 1.5\aptanastudio.exe" = protocol=6 | dir=in | app=c:\users\brianna\appdata\local\aptana studio 1.5\aptanastudio.exe |
"TCP Query User{A10EC3F8-1B6A-493C-AFF3-BCAEB5ABD2F1}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{ABA584E4-FF10-4E47-8084-C037ADA9AD2F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{502DA4B7-0EE4-4707-815F-2CB5CB35FAFC}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{589FF7BD-0A80-49CE-A2BC-0F6E687542C4}C:\users\brianna\appdata\local\aptana studio 1.5\aptanastudio.exe" = protocol=17 | dir=in | app=c:\users\brianna\appdata\local\aptana studio 1.5\aptanastudio.exe |
"UDP Query User{BBB0A0E5-1891-471E-8714-07906CF79B0D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E2F49BE3-A8E4-4950-A476-969B87E4B448}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{F5A13D21-0FE7-479E-A52C-2E2266E185AA}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22E4CA5B-3829-4C61-9A9C-E4729C96C133}" = hppscanCM1312
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 27
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3865D924-89FD-4D9B-A276-5938A397FFC4}" = hppFaxUtilityCM1312
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4D106AEC-ED45-4F6E-BD99-C88C8E75857F}" = hppManualsCM1312
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{634D08B4-CFAC-CCB9-5891-FAB02B3FD9C1}" = TweetDeck
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D70B0D8-63D0-4D88-A0DF-97818C4595B1}" = hppCLJCM1312
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{856C155E-4A74-4041-B026-04F96FFD1BCD}" = ZIP Reader 8.00.0018
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 3.1
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9E2EB8B9-A938-47A2-AB22-6EEEDC7DC44D}" = Cropper
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A5B48A19-F319-6BFB-82DE-A18ED1087221}" = Acrobat.com
"{A651EC5E-A4FB-4AA6-B542-3F7ECB08D119}" = hppScanToCM1312
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}" = MapleStory
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aptana Studio 1.5" = Aptana Studio 1.5
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"avast" = avast! Free Antivirus
"BitZipper_is1" = BitZipper 2010
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Setup.divx.com" = DivX Setup
"ffdshow_is1" = ffdshow v1.1.3452 [2010-05-24]
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.6.21)" = Mozilla Firefox (3.6.21)
"MyPoints Toolbar 2.0" = MyPoints Toolbar 2.0
"Picasa 3" = Picasa 3
"PlayChess" = PlayChess
"RealPlayer 12.0" = RealPlayer
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/2/2011 9:24:14 AM | Computer Name = Toshiba-BMH | Source = WinMgmt | ID = 10
Description =

Error - 9/2/2011 10:17:33 AM | Computer Name = Toshiba-BMH | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/2/2011 10:17:34 AM | Computer Name = Toshiba-BMH | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/2/2011 5:15:51 PM | Computer Name = Toshiba-BMH | Source = WinMgmt | ID = 10
Description =

Error - 9/2/2011 5:45:32 PM | Computer Name = Toshiba-BMH | Source = WinMgmt | ID = 10
Description =

Error - 9/2/2011 5:59:06 PM | Computer Name = Toshiba-BMH | Source = WinMgmt | ID = 10
Description =

Error - 9/2/2011 7:11:37 PM | Computer Name = Toshiba-BMH | Source = WinMgmt | ID = 10
Description =

Error - 9/3/2011 6:38:48 AM | Computer Name = Toshiba-BMH | Source = WinMgmt | ID = 10
Description =

Error - 9/3/2011 11:36:53 PM | Computer Name = Toshiba-BMH | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/3/2011 11:36:55 PM | Computer Name = Toshiba-BMH | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 9/2/2011 5:57:06 PM | Computer Name = Toshiba-BMH | Source = Service Control Manager | ID = 7011
Description =

Error - 9/2/2011 5:57:39 PM | Computer Name = Toshiba-BMH | Source = Service Control Manager | ID = 7043
Description =

Error - 9/2/2011 5:59:06 PM | Computer Name = Toshiba-BMH | Source = Service Control Manager | ID = 7000
Description =

Error - 9/2/2011 6:00:31 PM | Computer Name = Toshiba-BMH | Source = Service Control Manager | ID = 7022
Description =

Error - 9/2/2011 6:16:03 PM | Computer Name = Toshiba-BMH | Source = DCOM | ID = 10010
Description =

Error - 9/2/2011 7:11:21 PM | Computer Name = Toshiba-BMH | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:09:37 PM on 9/2/2011 was unexpected.

Error - 9/2/2011 7:11:37 PM | Computer Name = Toshiba-BMH | Source = Service Control Manager | ID = 7000
Description =

Error - 9/2/2011 7:13:07 PM | Computer Name = Toshiba-BMH | Source = Service Control Manager | ID = 7022
Description =

Error - 9/3/2011 6:38:48 AM | Computer Name = Toshiba-BMH | Source = Service Control Manager | ID = 7000
Description =

Error - 9/3/2011 6:40:14 AM | Computer Name = Toshiba-BMH | Source = Service Control Manager | ID = 7022
Description =


< End of report >

#6 digmeout (New Member), September 6th, 2011, 05:13 AM
OTL logfile created on: 9/5/2011 2:28:02 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Brianna\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 42.14% Memory free
3.98 Gb Paging File | 2.38 Gb Available in Paging File | 59.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 125.27 Gb Free Space | 55.88% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-BMH | User Name: Brianna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/05 02:24:57 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Brianna\Desktop\OTL.exe
PRC - [2011/09/02 15:28:32 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/09/01 06:40:57 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 11:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/14 21:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/06 10:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/09 20:00:52 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 19:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/08/04 17:46:38 | 001,242,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
PRC - [2008/08/04 17:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 17:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 15:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 16:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/17 03:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 03:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 21:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 21:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 19:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 17:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/20 22:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/02 15:23:41 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/01 06:40:57 | 001,001,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/08/13 16:21:27 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/13 16:21:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/13 16:20:35 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/13 16:20:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011/08/12 19:12:02 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/12 19:11:56 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/14 21:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/02/14 21:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/06/28 08:21:42 | 009,905,152 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2010/06/28 08:21:42 | 007,793,152 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2010/06/28 08:21:42 | 002,530,304 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtXmlPatterns4.dll
MOD - [2010/06/28 08:21:42 | 002,094,592 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2010/06/28 08:21:42 | 001,116,160 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2010/06/28 08:21:42 | 000,915,456 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2010/06/28 08:21:42 | 000,232,960 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2010/06/28 08:21:42 | 000,120,320 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2010/06/28 08:21:42 | 000,022,016 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/07/29 13:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/03/06 14:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 16:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 01:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 14:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 14:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/04 17:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/19 00:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 19:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 21:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/02/06 17:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 10:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 10:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 10:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 10:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 10:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 10:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/03/06 09:06:02 | 000,140,800 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/28 19:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 22:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 20:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/18 12:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 15:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 18:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2003/09/19 15:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdom...TSHB&bmod=TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...TSHB&bmod=TSHB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdom...TSHB&bmod=TSHB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT2260173.SearchEngineBeforeUnload: "data:text/plain,browser.search.defaultenginename=Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.6
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: statsclicker@codewolf:1.6.6
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.5
FF - prefs.js..extensions.enabledItems: clickcapper@codewolf:1.2
FF - prefs.js..extensions.enabledItems: fox@replace.fx:0.12.2
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {997b9257-3ae8-41dd-ad6e-508d3e004190}:1.300.382
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/20 12:19:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/20 12:19:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/02 15:29:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/02 17:41:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/02 18:15:34 | 000,000,000 | ---D | M]

[2009/04/28 02:51:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Extensions
[2011/09/03 06:40:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions
[2011/09/02 15:31:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/02 15:31:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/09/02 15:31:29 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/09/02 15:31:30 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2011/09/01 18:27:59 | 000,000,000 | ---D | M] (CashCrate Toolbar) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\{997b9257-3ae8-41dd-ad6e-508d3e004190}
[2010/01/22 17:48:48 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2011/07/09 18:29:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/13 23:36:43 | 000,000,000 | ---D | M] (Answers) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2011/05/22 21:14:53 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\chachaguidebar@chacha.com
[2010/11/13 21:21:36 | 000,000,000 | ---D | M] (ClickCapper) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\clickcapper@codewolf
[2010/11/13 23:36:43 | 000,000,000 | ---D | M] ("FoxReplace") -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\fox@replace.fx
[2011/07/05 21:56:10 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\googlesharing@extension.thoughtcrime.org
[2010/06/09 19:38:10 | 000,000,000 | ---D | M] (ChaCha StatsClicker) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\statsclicker@codewolf
[2011/08/11 22:18:32 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\twitternotifier@naan.net
[2011/07/05 21:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2011/07/05 21:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\googlesharing@extension.thoughtcrime.org\components
[2011/07/05 21:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2011/09/01 18:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\extensions\{997b9257-3ae8-41dd-ad6e-508d3e004190}\chrome\content\dca\core\extensionManager
[2011/03/20 11:23:52 | 000,001,998 | ---- | M] () -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\searchplugins\grooveshark.xml
[2011/09/01 21:32:47 | 000,001,672 | ---- | M] () -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\searchplugins\mypoints-search.xml
[2009/07/23 16:52:51 | 000,000,945 | ---- | M] () -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\o04xzhqd.default\searchplugins\youtube-video-search.xml
[2011/09/02 15:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/17 16:26:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/20 12:16:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/09/02 15:20:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/03/20 12:19:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/03/20 12:19:49 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/09/02 15:29:09 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/08 00:13:53 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2009/05/30 13:36:49 | 000,000,786 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.168.1.203 NPI14ACE8
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MyPoints Toolbar 2.0) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Toolbar 2.0) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [googletalk] C:\Users\Brianna\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\Brianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: DhcpNameServer = 10.3.17.20 10.4.18.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D727DAE-E9C3-493F-B8FE-222CE5289741}: DhcpNameServer = 68.87.71.230 68.87.73.246
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 02:24:49 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Brianna\Desktop\OTL.exe
[2011/09/02 19:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/09/02 19:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/02 19:23:17 | 003,480,352 | ---- | C] (Piriform Ltd) -- C:\Users\Brianna\Documents\ccsetup310.exe
[2011/09/02 19:20:33 | 006,965,840 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\Brianna\Documents\registrybooster.exe
[2011/09/02 19:07:42 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Brianna\Desktop\aswMBR.exe
[2011/09/02 18:39:39 | 000,000,000 | ---D | C] -- C:\Users\Brianna\AppData\Roaming\Spotify
[2011/09/02 18:39:39 | 000,000,000 | ---D | C] -- C:\Users\Brianna\AppData\Local\Spotify
[2011/09/02 18:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2011/09/02 18:15:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/02 17:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/02 17:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/09/02 17:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/09/02 15:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/09/02 15:28:52 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/09/02 15:28:36 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/09/02 15:28:36 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/09/02 15:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/09/02 15:23:41 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/02 15:20:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/09/02 15:20:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/09/02 15:20:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/09/02 15:14:43 | 000,908,576 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Brianna\Documents\jxpiinstall.exe
[2011/09/02 15:13:46 | 003,088,032 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Brianna\Documents\install_flash_player.exe
[2011/09/02 15:13:26 | 000,683,792 | ---- | C] (RealNetworks, Inc.) -- C:\Users\Brianna\Documents\RealPlayer.exe
[2011/09/02 15:09:55 | 038,958,968 | ---- | C] (Apple Inc.) -- C:\Users\Brianna\Documents\QuickTimeInstaller.exe
[2011/09/02 00:38:12 | 000,000,000 | R--D | C] -- C:\Users\Brianna\Favorites
[2011/09/01 22:11:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Users\Brianna\taskmgr.exe
[2011/08/23 15:46:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/11 06:44:59 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/11 06:44:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 06:44:43 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/11 06:44:42 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/11 06:44:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/11 06:44:42 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/11 06:44:42 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/11 06:44:41 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/08/11 06:44:40 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/11 06:44:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/11 06:44:39 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 06:44:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/11 06:44:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/11 06:44:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/11 06:44:38 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 06:44:38 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/11 06:44:38 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/11 06:44:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/11 06:44:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/11 06:44:30 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/11 06:44:30 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Brianna\AppData\Local\*.tmp files -> C:\Users\Brianna\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/05 02:24:57 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Brianna\Desktop\OTL.exe
[2011/09/05 02:23:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/05 02:23:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/05 02:22:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/04 22:54:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/04 22:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/04 22:42:45 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/09/03 06:55:03 | 000,642,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/03 06:55:03 | 000,120,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/03 06:38:29 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/02 22:39:15 | 000,023,040 | ---- | M] () -- C:\Users\Brianna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 20:04:00 | 000,000,512 | ---- | M] () -- C:\Users\Brianna\Documents\MBR.dat
[2011/09/02 19:43:13 | 000,128,128 | ---- | M] () -- C:\Users\Brianna\Documents\cc_20110902_193326.reg
[2011/09/02 19:23:27 | 003,480,352 | ---- | M] (Piriform Ltd) -- C:\Users\Brianna\Documents\ccsetup310.exe
[2011/09/02 19:20:44 | 006,965,840 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Brianna\Documents\registrybooster.exe
[2011/09/02 19:07:49 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Brianna\Desktop\aswMBR.exe
[2011/09/02 18:39:07 | 005,340,600 | ---- | M] () -- C:\Users\Brianna\Documents\Spotify Installer.exe
[2011/09/02 17:29:38 | 038,958,968 | ---- | M] (Apple Inc.) -- C:\Users\Brianna\Documents\QuickTimeInstaller.exe
[2011/09/02 17:25:13 | 019,798,016 | ---- | M] () -- C:\Users\Brianna\Documents\AdbeRdrUpd945_all_incr.msp
[2011/09/02 17:15:24 | 003,814,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/02 15:28:52 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/09/02 15:28:36 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/09/02 15:28:36 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/09/02 15:28:35 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/09/02 15:23:41 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/02 15:14:48 | 000,908,576 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Brianna\Documents\jxpiinstall.exe
[2011/09/02 15:13:48 | 003,088,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Brianna\Documents\install_flash_player.exe
[2011/09/02 15:13:27 | 000,683,792 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Brianna\Documents\RealPlayer.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Brianna\AppData\Local\*.tmp files -> C:\Users\Brianna\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/02 20:04:00 | 000,000,512 | ---- | C] () -- C:\Users\Brianna\Documents\MBR.dat
[2011/09/02 19:33:41 | 000,128,128 | ---- | C] () -- C:\Users\Brianna\Documents\cc_20110902_193326.reg
[2011/09/02 18:55:08 | 000,000,789 | ---- | C] () -- C:\Users\Brianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/09/02 18:38:41 | 005,340,600 | ---- | C] () -- C:\Users\Brianna\Documents\Spotify Installer.exe
[2011/09/02 15:01:02 | 019,798,016 | ---- | C] () -- C:\Users\Brianna\Documents\AdbeRdrUpd945_all_incr.msp
[2011/09/02 00:37:19 | 2009,067,520 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/19 15:37:10 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/19 15:37:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/24 22:10:39 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/10/26 19:15:03 | 000,000,021 | ---- | C] () -- C:\Windows\CS_SETUP.ini
[2009/10/20 19:58:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 19:58:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 18:25:02 | 000,000,680 | ---- | C] () -- C:\Users\Brianna\AppData\Local\d3d9caps.dat
[2009/09/09 00:59:29 | 000,000,095 | ---- | C] () -- C:\Users\Brianna\AppData\Local\fusioncache.dat
[2009/09/07 20:59:01 | 000,023,040 | ---- | C] () -- C:\Users\Brianna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/30 13:34:44 | 000,174,498 | ---- | C] () -- C:\Windows\hppins11.dat
[2009/05/30 13:34:44 | 000,006,091 | ---- | C] () -- C:\Windows\hppmdl11.dat
[2009/05/30 13:29:06 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/05/30 13:28:09 | 000,000,199 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2009/05/30 13:27:33 | 000,000,699 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2009/05/30 13:25:39 | 000,000,665 | ---- | C] () -- C:\Windows\System32\hppapr11.dat
[2009/04/28 02:00:21 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/04/28 02:00:18 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/03/06 11:03:45 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/03/06 11:03:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/03/06 11:03:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/03/06 11:03:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/09/30 15:36:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/30 15:25:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/09/30 15:25:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/09/30 15:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/09/30 15:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/09/30 15:25:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/09/30 15:25:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/09/30 14:37:15 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/09/30 14:03:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/12 22:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 22:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 22:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 22:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 003,814,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,642,906 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,120,064 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >
Reply With Quote
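The file listings in the OTL log above all use one line format. As an added example (not part of the original post and not OTL's own code), this Python sketch parses that format and narrows a listing to files with no company name that fall inside a chosen time window. The function names and the window dates are assumptions; the sample lines are copied from the log.

```python
import re
from datetime import datetime

# One OTL file-listing line, as seen in the log above:
#   [date time | size | attributes | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| ([A-Z-]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$"
)

def parse_line(line):
    """Return a dict for a file-listing line, or None for headers and summaries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp, size, attrs, kind, company, path = m.groups()
    return {
        "time": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
        "size": int(size.replace(",", "")),   # sizes are comma-grouped digits
        "attrs": attrs.replace("-", ""),       # e.g. "HS", "RHS", "RD", ""
        "kind": "created" if kind == "C" else "modified",
        "company": (company or "").strip(),    # "()" or missing -> ""
        "path": path,
    }

def unattributed_in_window(lines, start, end):
    """Files (not directories) with no company name, timestamped in [start, end]."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e and not e["company"] and "D" not in e["attrs"] and start <= e["time"] <= end:
            hits.append(e)
    return sorted(hits, key=lambda e: e["time"])

# Lines copied from the log above, including a header and a *.tmp summary line.
SAMPLE = [
    r"========== Files - Modified Within 30 Days ==========",
    r"[2011/09/03 06:38:29 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2011/09/02 20:04:00 | 000,000,512 | ---- | M] () -- C:\Users\Brianna\Documents\MBR.dat",
    r"[2011/09/02 19:43:13 | 000,128,128 | ---- | M] () -- C:\Users\Brianna\Documents\cc_20110902_193326.reg",
    r"[2011/09/02 19:20:44 | 006,965,840 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Brianna\Documents\registrybooster.exe",
    r"[2011/09/02 00:38:12 | 000,000,000 | R--D | C] -- C:\Users\Brianna\Favorites",
    r"[2009/04/28 02:00:21 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys",
    r"[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]",
]

# Assumed review window; choose the dates that matter for the system being reviewed.
WINDOW_START = datetime(2011, 9, 1)
WINDOW_END = datetime(2011, 9, 3)

if __name__ == "__main__":
    for e in unattributed_in_window(SAMPLE, WINDOW_START, WINDOW_END):
        print(e["time"], e["kind"], e["size"], e["path"])
```

A match here is only a pointer to a file worth a second look; an empty company field is normal for many data files, as the listing itself shows.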
  #7  
Old September 7th, 2011, 11:54 AM
digmeout digmeout is offline
New Member
 
Join Date: Sep 2011
Posts: 9
Okay. I'm going on vacation for a week and won't have internet access, so if you reply you won't hear from me for a bit.
Reply With Quote
  #8  
Old September 7th, 2011, 03:59 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Aaravkmr,

Welcome to the Forums. I'm not sure what you mean. But if you have an issue with another system, please start your own topic and someone will help. We can only help one person at a time or things become very confusing.


digmeout,

Thanks for letting me know. I'll have a response for you when you return. Have fun on your vacation.


Mo
Reply With Quote
  #9  
Old September 15th, 2011, 01:34 AM
digmeout digmeout is offline
New Member
 
Join Date: Sep 2011
Posts: 9
Okay, I'm back now!
Reply With Quote
  #10  
Old September 15th, 2011, 05:23 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Hi,

Let me go back and review this thread to refresh my memory.

Mo
Reply With Quote
  #11  
Old September 21st, 2011, 05:07 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
As a start please uninstall these toolbars:
MyPoints Toolbar 2.0
CashCrate Toolbar
Reply With Quote
  #12  
Old September 21st, 2011, 05:12 AM
digmeout digmeout is offline
New Member
 
Join Date: Sep 2011
Posts: 9
Why? I installed both of those toolbars myself (and the Swagbucks one, and ChaCha). I doubt it's malware as I've used and been paid by these (legitimate) sites for years. Aside from that, are there other issues?
Reply With Quote
  #13  
Old September 21st, 2011, 06:27 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Quote:
Why? I installed both of those toolbars myself (and the Swagbucks one, and ChaCha).
Go over to the following site and look up those toolbar names. Then decide for yourself.

http://www.systemlookup.com/lists.php?list=1
Reply With Quote
  #14  
Old September 21st, 2011, 11:57 AM
digmeout digmeout is offline
New Member
 
Join Date: Sep 2011
Posts: 9
So are there any other issues?
Reply With Quote
  #15  
Old September 21st, 2011, 10:25 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Nothing malware related is showing.
---------------------------------------
I'm ignoring the plug-ins and toolbars you have installed. But I do hope you read what was said about them.

---------------------------------
Outdated software can contain security holes which malware can exploit to install itself in your system.

Please go here:
http://secunia.com/vulnerability_scanning/online

Press the red Start Scanner button.
This will scan your system for outdated programs and generate a result telling you what was found and where to go to update.
-------------------------------


Let's clean up a few leftovers and empty your temp folders. Run OTL.exe. Do not run a scan.
Copy the contents of the code box and paste them into the Custom scans/fixes box at the bottom. Then click the Run Fix button. This is going to shut down everything and reboot the system. So before you do it, save all work so you don't lose it.

When you get back to Windows, a log will open. Please post the contents of that log here.

Code:
:OTL
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O1 - Hosts: 192.168.1.203 NPI14ACE8
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Brianna\AppData\Local\*.tmp files -> C:\Users\Brianna\AppData\Local\*.tmp -> ]

:commands

[EmptyTemp]

You have Uniblue Registry Booster installed. Registry cleaners can go too far and sometimes render your system unbootable.

I never would use one or recommend that anyone else does either.
--------------------------------
You only need one Antimalware, 1 Anti Virus and 1 Firewall running in the background. You can either uninstall or disable any extra scanners and use them for second opinions.
------------------------------------------------------

Once you are set, and sure everything is in working order, you need to flush the system restore points and create a new one. Restoring using an infected Restore Point may re-establish the infection.

In Control Panel / System, click System Protection
Under automatic restore points, uncheck all the boxes in the list of disks available.

Confirm by clicking the Disable System Restore. All restore points will be deleted.
Click OK to close the window.
Click System Protection, recheck all the boxes in the list of available disks and then click OK.

Create a restore point by clicking the Create button.

-------------------

I would also run an online ESET scan for another opinion if this were my system.


Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser).
***For users running Windows Vista and Windows 7, right click on the Internet Explorer shortcut and then click run as administrator to start a new instance of Internet Explorer. Use that browser session to go to the scan site. XP users, this doesn't apply. Just going to the site is enough.


Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
After the scan is complete and you see scan completed in the window, there will be a link labeled List of found threats. You want to click it. When that next page opens, you have a choice of copying to clipboard or exporting to text file. Choose export to text file. Name the file eset results.txt, save it on your desktop, and post its contents into your next reply here.

Last edited by Mosaic1; September 21st, 2011 at 10:31 PM.
Reply With Quote