ComboFix 10-04-21.01 - TOSHIBA 04/26/2010 6:56.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1103 [GMT 8:00]
Running from: c:\users\TOSHIBA\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RKHIT

((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.
2010-04-25 23:04 . 2010-04-25 23:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-25 22:49 . 2010-04-25 22:49 -------- dc----w- C:\Device
2010-04-25 22:47 . 2010-04-25 23:04 -------- d-----w- c:\users\TOSHIBA\AppData\Local\temp
2010-04-25 11:18 . 2010-04-25 11:26 117760 ----a-w- c:\users\TOSHIBA\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-25 11:18 . 2010-04-25 11:18 52224 ----a-w- c:\users\TOSHIBA\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-25 11:18 . 2010-04-25 11:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-25 03:07 . 2010-04-25 13:01 -------- d-----w- c:\program files\SpywareBlaster
2010-04-24 23:59 . 2010-04-24 23:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-24 23:59 . 2010-04-24 23:59 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\SUPERAntiSpyware.com
2010-04-24 23:58 . 2010-04-24 23:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-24 21:53 . 2010-04-24 21:53 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-24 21:50 . 2010-03-29 16:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 21:50 . 2010-04-24 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-24 21:50 . 2010-03-29 16:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 21:46 . 2010-04-24 21:46 -------- d-----w- c:\program files\ERUNT
2010-04-24 14:32 . 2010-04-24 14:32 -------- d-----w- c:\windows\element
2010-04-23 02:51 . 2010-04-23 02:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-23 01:38 . 2010-04-23 01:42 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-23 01:20 . 2010-04-11 13:53 79872 ----a-w- c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-04-23 01:20 . 2010-04-11 13:53 33280 ----a-w- c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-04-23 01:05 . 2010-04-23 01:05 -------- d-----w- c:\programdata\COMODO
2010-04-23 00:59 . 2010-04-23 01:02 -------- d-----w- c:\program files\Comodo
2010-04-23 00:59 . 2009-10-14 11:08 32000 ----a-w- c:\windows\system32\drivers\tap0901.sys
2010-04-23 00:59 . 2010-04-23 00:59 5542592 ----a-w- c:\programdata\Comodo Downloader\hopsurf.exe
2010-04-23 00:59 . 2010-04-23 00:59 1510584 ----a-w- c:\programdata\Comodo Downloader\trustconnectclient.exe
2010-04-23 00:58 . 2010-04-23 00:59 -------- d-----w- c:\programdata\Comodo Downloader
2010-04-22 13:36 . 2010-04-22 13:36 -------- d-----w- c:\programdata\Agnitum
2010-04-22 11:40 . 2010-04-22 11:40 -------- d-----w- c:\program files\Common Files\Skype
2010-04-22 09:29 . 2010-04-22 09:29 -------- d-----w- c:\program files\FileHippo.com
2010-04-21 23:48 . 2010-04-21 23:48 -------- d-----w- c:\windows\BDOSCAN8
2010-04-17 04:09 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-17 04:09 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-16 21:00 . 2010-04-17 14:35 -------- d-----w- c:\windows\system32\MpEngineStore
2010-04-15 17:39 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 17:39 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 17:39 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 17:39 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 00:03 . 2010-04-15 00:03 -------- d-----w- c:\users\TOSHIBA\AppData\Local\Yahoo!
2010-04-13 21:52 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 21:52 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 21:39 . 2010-02-23 06:04 1664256 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-04-09 10:53 . 2005-01-04 18:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-04-09 10:51 . 2010-04-09 10:51 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-04-08 17:26 . 2010-04-08 17:26 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-08 17:25 . 2010-04-08 17:25 74408 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-04-08 17:25 . 2010-04-08 17:25 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-08 17:25 . 2010-04-08 17:25 218560 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-08 17:25 . 2010-04-08 17:25 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-04-08 09:36 . 2010-04-08 09:36 -------- d-----w- c:\windows\system32\Wat
2010-04-06 08:56 . 2010-04-06 08:56 -------- dc----w- C:\$AVG
2010-04-03 02:31 . 2009-05-18 05:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-03 02:31 . 2008-04-17 04:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-03 02:31 . 2010-04-03 02:31 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-03 02:29 . 2010-04-03 02:29 -------- d-----w- c:\program files\Apple Software Update
2010-04-01 08:12 . 2010-04-01 08:12 -------- d-----w- c:\users\TOSHIBA\AppData\Local\OLYMPUS
2010-04-01 08:11 . 2010-04-01 08:11 -------- d-----w- c:\program files\OLYMPUS
2010-03-31 03:29 . 2010-04-05 21:02 -------- d-----w- c:\programdata\Apple Computer
2010-03-31 03:29 . 2010-03-31 03:29 -------- d-----w- c:\program files\Safari
2010-03-31 03:29 . 2010-04-05 21:02 -------- d-----w- c:\program files\Common Files\Apple
2010-03-31 03:28 . 2010-03-31 03:28 -------- d-----w- c:\programdata\Apple
2010-03-31 02:25 . 2010-04-03 03:29 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Apple Computer
2010-03-31 00:15 . 2010-04-03 02:30 -------- d-----w- c:\program files\QuickTime
2010-03-30 21:37 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-30 13:17 . 2010-03-30 13:17 -------- d-----w- c:\program files\Bonjour
2010-03-30 02:28 . 2010-03-30 02:28 1232496 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleCld_D9AEC8D4D1915047.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 16:46 . 2010-01-24 17:53 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\TeraCopy
2010-04-25 12:57 . 2010-02-05 13:10 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\uTorrent
2010-04-23 03:53 . 2009-09-17 00:08 -------- d-----w- c:\program files\Google
2010-04-23 01:00 . 2010-03-03 02:30 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Comodo
2010-04-22 22:31 . 2009-09-17 00:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-22 11:42 . 2010-02-15 18:21 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Skype
2010-04-22 11:41 . 2010-02-15 18:23 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-22 11:41 . 2010-02-15 18:23 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\skypePM
2010-04-22 11:40 . 2010-02-15 18:21 -------- d-----r- c:\program files\Skype
2010-04-21 23:22 . 2010-03-04 11:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-17 14:37 . 2009-09-17 00:20 -------- d-----w- c:\programdata\Microsoft Help
2010-04-12 21:39 . 2010-03-04 11:10 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-04-09 14:33 . 2010-01-02 04:41 109208 ----a-w- c:\users\TOSHIBA\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-09 01:53 . 2010-03-04 05:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-04-09 01:52 . 2010-03-04 05:11 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-04-08 05:10 . 2010-03-15 05:38 -------- d-----w- c:\program files\SMART BRO
2010-04-01 22:39 . 2010-03-17 06:03 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-03-29 04:24 . 2009-09-17 00:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-28 00:33 . 2010-03-17 06:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-03-28 00:32 . 2010-03-17 06:03 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-03-28 00:29 . 2010-03-04 05:11 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-27 13:20 . 2009-09-17 00:08 -------- d-----w- c:\programdata\Partner
2010-03-27 07:16 . 2010-03-20 16:00 -------- d-----w- c:\programdata\Steam
2010-03-27 07:16 . 2010-03-14 06:41 -------- d-----w- c:\programdata\PopCap Games
2010-03-25 07:22 . 2010-03-25 07:22 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Autodesk
2010-03-25 06:05 . 2009-09-17 00:07 -------- d-----w- c:\programdata\Norton
2010-03-20 00:49 . 2010-03-20 00:49 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Zen of Sudoku
2010-03-18 10:59 . 2010-03-18 10:59 -------- d-----w- c:\programdata\McAfee
2010-03-15 21:07 . 2010-03-15 21:07 -------- d-----w- c:\programdata\Ulead Systems
2010-03-15 20:58 . 2010-03-15 20:58 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-03-15 20:58 . 2010-03-15 20:58 -------- d-----w- c:\program files\Corel
2010-03-15 12:05 . 2010-03-15 12:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 12:05 . 2010-03-04 11:10 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 12:05 . 2010-03-04 11:10 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 03:44 . 2009-09-17 00:07 -------- d-----w- c:\programdata\Toshiba
2010-03-13 03:44 . 2009-09-17 00:06 -------- d-----w- c:\program files\TOSHIBA
2010-03-04 18:04 . 2009-09-17 00:27 -------- d-----w- c:\program files\Microsoft SQL Server
2010-03-04 11:10 . 2010-03-04 11:10 -------- d-----w- c:\program files\AVG
2010-03-04 11:10 . 2010-03-04 11:10 -------- d-----w- c:\programdata\avg9
2010-03-04 10:32 . 2009-09-17 00:11 -------- d-----w- c:\program files\Microsoft
2010-03-04 10:32 . 2010-03-04 10:32 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-03-04 10:31 . 2009-09-17 00:11 -------- d-----w- c:\program files\Windows Live
2010-03-04 10:31 . 2010-03-04 10:31 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-03-04 10:31 . 2010-03-04 10:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-04 10:24 . 2010-03-04 10:24 -------- d-----w- c:\program files\ltmoh
2010-03-04 10:02 . 2010-01-02 04:12 -------- d-----w- c:\program files\Realtek WLAN Driver
2010-03-04 09:59 . 2010-01-02 04:11 -------- d-----w- c:\program files\Realtek
2010-03-04 09:45 . 2010-01-02 04:11 -------- d--h--w- c:\program files\Temp
2010-03-04 09:38 . 2010-03-04 09:38 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\InstallShield
2010-03-04 05:58 . 2010-03-04 05:58 2771728 ----a-w- c:\programdata\Toshiba\TSS\Plugins\SwUpdates\Packages\9b62b774-1719-469f-b061-f0ae76b502c4\135431_16.37.40.os2009430a_130.exe
2010-03-03 20:00 . 2010-03-03 20:00 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-03 18:57 . 2010-03-03 02:32 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-03-03 02:16 . 2010-03-02 16:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-27 19:30 . 2010-02-27 19:30 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Malwarebytes
2010-02-27 19:30 . 2010-02-27 19:30 -------- d-----w- c:\programdata\Malwarebytes
2010-02-26 13:21 . 2010-02-26 13:21 -------- d-----w- c:\program files\Enigma Software Group
2010-02-26 06:59 . 2010-02-26 06:59 -------- d-----w- c:\programdata\Grisoft
2010-02-26 05:43 . 2010-02-26 05:43 0 ----a-w- c:\windows\nsreg.dat
2010-02-24 02:16 . 2010-01-03 04:57 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 03:46 . 2010-02-12 03:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 03:46 . 2010-02-12 03:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-08 18:06 . 2010-02-08 18:06 0 ----a-w- c:\windows\PowerReg.dat
2010-02-02 07:45 . 2010-02-24 13:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-29 05:00 . 2010-01-29 05:00 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb132D.tmp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2010-01-02 04:39 . 2010-01-02 04:39 14 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 06:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-03-03 155648]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-08 2029456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 07:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKLM\~\startupfolder\C:^Users^TOSHIBA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 22:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 08:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-02 22:41 174104 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-02 22:41 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 16:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:13 259952 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-02 22:41 151064 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-07-29 05:12 7625248 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-05 18:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 22:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-03-30 02:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-07-21 01:46 1545512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-08-17 18:48 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-08-03 15:17 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-05 22:18 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2009-08-11 19:37 2446648 ----a-w- c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2009-10-10 81920]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 135664]
R3 GarenaPEngine;GarenaPEngine;c:\users\TOSHIBA\AppData\Local\Temp\HCE69D1.tmp [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-18 3753224]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-08 1343400]
R3 XDva300;XDva300;c:\windows\system32\XDva300.sys [x]
R3 XDva309;XDva309;c:\windows\system32\XDva309.sys [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-15 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-04-08 218560]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-04-08 30112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-15 308064]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

--- Other Services/Drivers In Memory ---

*Deregistered* - ztbcaud

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F793D123-07BD-4B44-9B97-3D6338B9DB37}]
2009-08-06 16:13 259952 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 02:27]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 02:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSZZ&bmod=TSZZ
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
FF - ProfilePath - c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\v5f5tlai.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\v5f5tlai.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\TOSHIBA\AppData\Local\Yahoo!\BrowserPlus\2.7.0\Plugins\npybrowserplus_2.7.0.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-SpybotSD TeaTimer - c:\windows\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\TOSHIBA\AppData\Local\Temp\HCE69D1.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ztbcaud]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-04-26 07:07:44
ComboFix-quarantined-files.txt 2010-04-25 23:07

Pre-Run: 49,906,782,208 bytes free
Post-Run: 49,819,951,104 bytes free

- - End Of File - - 9B907A87D7EFF5548F9D96FFF8478873