Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Backdoor Trojan associated with Adobe Flash Player 10

Started by Crysta Pebbles Rene , Aug 19 2011 05:29 PM

  • This topic is locked This topic is locked

#1
Crysta Pebbles Rene
Posted 19 August 2011 - 05:29 PM

Crysta Pebbles Rene

    New Member

  • Member
  • Pip
  • 9 posts
I caught this trojan by downloading Adobe Flash Player. I saved the file (Norton verified its validity) and went to execute it and it said could not be accessed or something like that. Then, I tried to download it again from the adobe website and a message popped up in the corner of my computer saying that it was a backdoor trojan (I don't remember which one) and that I needed to restart my computer to remove it and it had a button to click on. I DID NOT click the button (seeing as how it did not look like it was from Norton) and my computer preceeded to restart on its own and when I logged back in after reboot, a little bubble popped up saying that my computer had issues that needed to be resolved, I clicked on the symbol (it looked legit) and my computer restarted again. It made my computer continuously reboot (even when I was in safe mode). I had to restore to a previous date. But that only allowed me to reboot my computer in safe mode. I can't reboot my computer normally, and I have no idea which files I need to remove without removing important ones. I did however remove the files that were created when my computer got infected. I know I'm going to have to edit the registry and delete files from it and files from the computer. I even tried to bring up the task manager to quit the .exe's that was making my computer reboot but it was too fast. I can't run Norton (I think the Trojan deleted it or something), nor can I run any other Antivirus Program. I've run Windows Defender and nothing pops up on it. Should I use Norton Power Eraser? Or should I manually fix the registry. Since I last posted, I went through my system and found the files that were created at the time I caught the trojan and deleted all of them. I caught this trojan like 4 and a half hours ago. I would greatly appreciate anyone who can help me with this.

I'm running Vista Home Basic.

Edited by Crysta Pebbles Rene, 19 August 2011 - 05:35 PM.

  • 0

Advertisements

#2
Essexboy
Posted 20 August 2011 - 08:36 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see if I can locate the problem

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
Crysta Pebbles Rene
Posted 20 August 2011 - 09:15 PM

Crysta Pebbles Rene

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Crysta [Admin rights]
Mode: Scan -- Date : 08/20/2011 22:13:01

Bad processes: 0

Registry Entries: 3
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#4
Crysta Pebbles Rene
Posted 20 August 2011 - 09:30 PM

Crysta Pebbles Rene

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL logfile created on: 8/20/2011 10:19:33 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Crysta\Documents\stuffers\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 658.38 Mb Available Physical Memory | 64.97% Memory free
2.24 Gb Paging File | 1.98 Gb Available in Paging File | 88.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 23.30 Gb Free Space | 31.88% Space Free | Partition Type: NTFS

Computer Name: CRYSTA-LAPTOP | User Name: Crysta | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/20 22:18:29 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Crysta\Documents\stuffers\Downloads\OTL.com
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/25 19:50:26 | 000,063,096 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () [Auto | Stopped] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/20 01:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/11/01 00:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/08/02 01:07:58 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110817.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/07/27 19:33:51 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 19:33:51 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 19:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110812.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/16 22:32:48 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/06/19 21:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/09 16:32:28 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 16:31:46 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/04 11:35:50 | 000,059,392 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 22:06:56 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/07/28 18:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2005/08/17 08:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/08/01 18:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3879742938-2129086624-2673314559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-3879742938-2129086624-2673314559-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3879742938-2129086624-2673314559-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3879742938-2129086624-2673314559-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "bing.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {69d1a568-ffdf-4ef5-8919-7003582e0ee8}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {33A8946C-B859-4f7d-8382-ADAB29623DEE}:3.6
FF - prefs.js..extensions.enabledItems: {3A9F26B5-7451-4922-9E2F-CD83E7F454EF}:1.5
FF - prefs.js..extensions.enabledItems: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}:3.6
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Crysta\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Crysta\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Crysta\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/08/19 16:31:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/08/19 16:31:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/20 22:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 23:27:02 | 000,000,000 | ---D | M]

[2010/07/17 17:32:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crysta\AppData\Roaming\Mozilla\Extensions
[2011/08/16 20:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crysta\AppData\Roaming\Mozilla\Firefox\Profiles\36dzm85e.default\extensions
[2010/07/22 19:09:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Crysta\AppData\Roaming\Mozilla\Firefox\Profiles\36dzm85e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/18 22:00:55 | 000,000,000 | ---D | M] (GodofWar) -- C:\Users\Crysta\AppData\Roaming\Mozilla\Firefox\Profiles\36dzm85e.default\extensions\{3A9F26B5-7451-4922-9E2F-CD83E7F454EF}
[2011/08/01 01:10:09 | 000,000,000 | ---D | M] (Playdom Community Toolbar) -- C:\Users\Crysta\AppData\Roaming\Mozilla\Firefox\Profiles\36dzm85e.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}
[2011/08/16 20:07:00 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Crysta\AppData\Roaming\Mozilla\Firefox\Profiles\36dzm85e.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/08/01 01:10:11 | 000,000,000 | ---D | M] (SuperPoke Pets Community Toolbar) -- C:\Users\Crysta\AppData\Roaming\Mozilla\Firefox\Profiles\36dzm85e.default\extensions\{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}
[2011/07/31 12:48:05 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Crysta\AppData\Roaming\Mozilla\Firefox\Profiles\36dzm85e.default\extensions\[email protected]
[2010/07/17 19:15:52 | 000,001,820 | ---- | M] () -- C:\Users\Crysta\AppData\Roaming\Mozilla\Firefox\Profiles\36dzm85e.default\searchplugins\bing.xml
[2011/08/10 20:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 18:08:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/28 15:24:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/23 17:33:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/10 20:10:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\CRYSTA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\36DZM85E.DEFAULT\EXTENSIONS\[email protected]
[2011/08/20 22:09:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3879742938-2129086624-2673314559-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3879742938-2129086624-2673314559-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3879742938-2129086624-2673314559-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Crysta\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Crysta\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{06a7e2ca-b5af-11e0-ab43-001b38a9b6b2}\Shell - "" = AutoRun
O33 - MountPoints2\{06a7e2ca-b5af-11e0-ab43-001b38a9b6b2}\Shell\AutoRun\command - "" = D:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/20 22:13:01 | 000,000,000 | ---D | C] -- C:\Users\Crysta\Desktop\RK_Quarantine
[2011/08/19 15:44:18 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/08/19 15:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/08/14 18:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/08/13 02:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\MyPublisher
[2011/08/13 02:24:38 | 000,000,000 | ---D | C] -- C:\Users\Crysta\AppData\Roaming\MyPublisher
[2011/08/12 23:52:08 | 000,000,000 | ---D | C] -- C:\Users\Crysta\Documents\Calibre
[2011/08/12 23:45:26 | 000,000,000 | ---D | C] -- C:\Users\Crysta\Calibre Library
[2011/08/12 23:43:41 | 000,000,000 | ---D | C] -- C:\Users\Crysta\AppData\Roaming\calibre
[2011/08/12 23:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2011/08/12 23:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2011/08/12 23:13:02 | 000,000,000 | ---D | C] -- C:\Users\Crysta\AppData\Roaming\vlc
[2011/08/12 23:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/08/12 23:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/08/11 15:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/08/11 15:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/08/11 05:54:50 | 000,000,000 | ---D | C] -- C:\Users\Crysta\Documents\My Barnes & Noble eBooks
[2011/08/11 05:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
[2011/08/11 05:53:47 | 000,000,000 | ---D | C] -- C:\Users\Crysta\AppData\Roaming\Barnes & Noble
[2011/08/11 05:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Barnes & Noble
[2011/08/10 03:13:13 | 000,000,000 | ---D | C] -- C:\Users\Crysta\Documents\star wars
[2011/08/09 21:37:01 | 000,000,000 | ---D | C] -- C:\Users\Crysta\Documents\Convert to mobi
[2011/08/03 07:15:28 | 000,000,000 | ---D | C] -- C:\Users\Crysta\Documents\My Kindle Content
[2011/08/03 07:14:10 | 000,000,000 | ---D | C] -- C:\Users\Crysta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/08/03 07:13:32 | 000,000,000 | ---D | C] -- C:\Users\Crysta\AppData\Local\Amazon
[2011/08/03 06:14:29 | 000,000,000 | ---D | C] -- C:\Users\Crysta\Documents\Kindle (need to go thru and delete)
[2011/08/03 05:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Kindle eBook Converter
[2011/08/03 05:33:01 | 000,000,000 | ---D | C] -- C:\Users\Crysta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Kindle eBook Converter
[2011/08/03 05:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Kindle Auto eBook Converter
[2011/08/03 03:04:50 | 000,000,000 | ---D | C] -- C:\Users\Crysta\Documents\My eBooks
[2011/08/03 03:04:50 | 000,000,000 | ---D | C] -- C:\Users\Crysta\AppData\Roaming\Mobipocket
[2011/08/03 03:02:04 | 000,000,000 | ---D | C] -- C:\Users\Crysta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobipocket.com
[2011/08/03 03:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2011/07/23 19:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games
[2011/07/23 19:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/07/22 21:47:15 | 000,000,000 | ---D | C] -- C:\Users\Crysta\AppData\Roaming\WinRAR
[2011/07/22 21:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/22 21:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2011/07/22 21:28:58 | 000,000,000 | ---D | C] -- C:\Users\Crysta\Documents\Wondershare Video Converter Platinum
[2011/07/22 21:28:04 | 000,000,000 | ---D | C] -- C:\Users\Crysta\AppData\Local\Wondershare
[2011/07/22 21:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2011/07/22 21:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2011/07/22 21:27:27 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\System32\iconv.dll
[2011/07/22 21:27:23 | 000,000,000 | ---D | C] -- C:\Users\Crysta\AppData\Roaming\Wondershare
[2011/07/22 21:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare

========== Files - Modified Within 30 Days ==========

[2011/08/20 22:06:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/19 17:00:57 | 000,150,528 | ---- | M] () -- C:\Users\Crysta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/19 14:16:19 | 000,326,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/18 02:57:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3879742938-2129086624-2673314559-1000UA.job
[2011/08/18 02:48:48 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2A228E2B-7B6D-41B2-9158-99884D457D44}.job
[2011/08/18 02:11:47 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 02:11:47 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 17:57:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3879742938-2129086624-2673314559-1000Core.job
[2011/08/17 02:26:03 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Crysta.job
[2011/08/15 06:35:46 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/08/14 18:24:04 | 000,001,673 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/08/14 18:24:03 | 000,001,675 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/08/13 02:27:14 | 000,001,093 | ---- | M] () -- C:\Users\Crysta\Desktop\MyPublisher.lnk
[2011/08/13 00:01:29 | 000,128,000 | ---- | M] () -- C:\Users\Crysta\Documents\metadata.db
[2011/08/12 23:26:20 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011/08/12 22:16:45 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/12 22:16:45 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/12 08:14:47 | 000,002,621 | ---- | M] () -- C:\Users\Crysta\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobipocket Reader.lnk
[2011/08/11 05:53:57 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2011/08/09 18:04:50 | 000,002,058 | ---- | M] () -- C:\Users\Crysta\Desktop\Google Chrome.lnk
[2011/08/09 18:04:50 | 000,002,020 | ---- | M] () -- C:\Users\Crysta\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/04 13:23:45 | 000,002,056 | ---- | M] () -- C:\Users\Crysta\Desktop\Kindle.lnk
[2011/08/03 20:51:19 | 000,002,034 | ---- | M] () -- C:\Users\Crysta\Application Data\Microsoft\Internet Explorer\Quick Launch\Kindle.lnk
[2011/08/03 20:51:11 | 000,002,597 | ---- | M] () -- C:\Users\Crysta\Desktop\Mobipocket Reader.lnk
[2011/07/29 11:14:47 | 000,002,275 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2011/07/23 20:04:06 | 000,001,092 | ---- | M] () -- C:\WildTangent Games App - toshiba.lnk
[2011/07/23 13:52:31 | 000,000,268 | ---- | M] () -- C:\Users\Crysta\Desktop\Guild Wars.lnk
[2011/07/23 13:48:58 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2011/07/23 11:59:09 | 000,001,781 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/23 11:58:39 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\Voice & Video Calls.lnk
[2011/07/23 11:57:24 | 000,001,875 | ---- | M] () -- C:\Users\Crysta\Desktop\Microsoft Works.LNK
[2011/07/23 11:57:10 | 000,001,302 | ---- | M] () -- C:\Users\Crysta\Desktop\Photos.lnk
[2011/07/23 11:56:30 | 000,001,327 | ---- | M] () -- C:\Users\Crysta\Desktop\Music.lnk
[2011/07/23 11:55:28 | 000,001,681 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/07/23 11:54:19 | 000,001,028 | ---- | M] () -- C:\Users\Crysta\Desktop\Games.lnk
[2011/07/23 11:54:01 | 000,001,309 | ---- | M] () -- C:\Users\Crysta\Desktop\Documentsss.lnk

========== Files Created - No Company Name ==========

[2011/08/13 02:27:13 | 000,001,093 | ---- | C] () -- C:\Users\Crysta\Desktop\MyPublisher.lnk
[2011/08/13 02:27:11 | 000,001,123 | ---- | C] () -- C:\Users\Crysta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPublisher.lnk
[2011/08/12 23:51:01 | 000,128,000 | ---- | C] () -- C:\Users\Crysta\Documents\metadata.db
[2011/08/12 23:26:17 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011/08/12 23:08:57 | 000,001,796 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/08/11 15:50:06 | 000,001,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/08/11 15:50:03 | 000,001,675 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/08/11 05:53:56 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2011/08/03 20:51:19 | 000,002,034 | ---- | C] () -- C:\Users\Crysta\Application Data\Microsoft\Internet Explorer\Quick Launch\Kindle.lnk
[2011/08/03 20:51:11 | 000,002,621 | ---- | C] () -- C:\Users\Crysta\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobipocket Reader.lnk
[2011/08/03 07:14:11 | 000,002,056 | ---- | C] () -- C:\Users\Crysta\Desktop\Kindle.lnk
[2011/08/03 03:02:05 | 000,002,597 | ---- | C] () -- C:\Users\Crysta\Desktop\Mobipocket Reader.lnk
[2011/07/23 19:50:12 | 000,001,092 | ---- | C] () -- C:\WildTangent Games App - toshiba.lnk
[2011/07/23 19:47:43 | 000,002,275 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2011/07/22 21:52:10 | 000,158,720 | ---- | C] () -- C:\Windows\System32\WS_VideoConverterContextMenu.dll
[2011/07/22 21:47:13 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2011/07/22 21:27:27 | 000,675,840 | ---- | C] () -- C:\Windows\System32\ac3filter.ax
[2011/07/22 21:27:27 | 000,496,640 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2011/05/12 14:00:54 | 000,001,940 | ---- | C] () -- C:\Users\Crysta\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/22 23:44:40 | 000,121,305 | ---- | C] () -- C:\Windows\HPHins15.dat
[2011/03/22 23:44:40 | 000,002,885 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2010/11/24 12:40:48 | 000,000,104 | ---- | C] () -- C:\Users\Crysta\AppData\Roaming\wklnhst.dat
[2010/11/13 16:57:02 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/11/13 16:57:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/11/13 16:56:56 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/13 16:56:56 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/13 16:56:54 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/07/20 03:02:07 | 000,000,680 | ---- | C] () -- C:\Users\Crysta\AppData\Local\d3d9caps.dat
[2010/07/17 22:33:09 | 000,150,528 | ---- | C] () -- C:\Users\Crysta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 11:03:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/07/17 11:03:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/17 11:02:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/05/24 11:47:37 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/23 20:00:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/23 20:00:18 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/23 20:00:18 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/23 20:00:18 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/23 20:00:18 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/23 20:00:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/23 19:32:46 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2007/05/23 19:32:46 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/05/23 19:32:46 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2006/11/29 00:12:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2006/11/24 09:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,326,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/31 19:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/08/10 17:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 16:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 23:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/07/22 20:00:22 | 000,000,000 | ---D | M] -- C:\Users\Crysta\AppData\Roaming\acccore
[2011/08/11 05:53:47 | 000,000,000 | ---D | M] -- C:\Users\Crysta\AppData\Roaming\Barnes & Noble
[2011/08/12 23:52:43 | 000,000,000 | ---D | M] -- C:\Users\Crysta\AppData\Roaming\calibre
[2010/12/12 21:33:24 | 000,000,000 | ---D | M] -- C:\Users\Crysta\AppData\Roaming\Gygan
[2010/11/10 02:11:10 | 000,000,000 | ---D | M] -- C:\Users\Crysta\AppData\Roaming\InterVideo
[2011/08/03 03:08:44 | 000,000,000 | ---D | M] -- C:\Users\Crysta\AppData\Roaming\Mobipocket
[2011/08/13 02:24:38 | 000,000,000 | ---D | M] -- C:\Users\Crysta\AppData\Roaming\MyPublisher
[2010/11/24 12:40:51 | 000,000,000 | ---D | M] -- C:\Users\Crysta\AppData\Roaming\Template
[2010/12/25 00:06:02 | 000,000,000 | ---D | M] -- C:\Users\Crysta\AppData\Roaming\Tific
[2010/11/17 20:20:33 | 000,000,000 | ---D | M] -- C:\Users\Crysta\AppData\Roaming\TuneUp Software
[2011/08/19 16:31:32 | 000,000,000 | ---D | M] -- C:\Users\Crysta\AppData\Roaming\uTorrent
[2010/07/16 21:30:21 | 000,000,000 | ---D | M] -- C:\Users\Crysta\AppData\Roaming\WinBatch
[2011/07/22 21:27:23 | 000,000,000 | ---D | M] -- C:\Users\Crysta\AppData\Roaming\Wondershare
[2011/08/14 22:30:22 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/18 02:48:48 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2A228E2B-7B6D-41B2-9158-99884D457D44}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2010/07/17 01:45:22 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/07/17 01:45:20 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/07/17 01:45:20 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/07/17 02:41:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/07/17 02:41:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010/07/17 01:45:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >
  • 0

#5
Crysta Pebbles Rene
Posted 20 August 2011 - 09:31 PM

Crysta Pebbles Rene

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL Extras logfile created on: 8/20/2011 10:19:33 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Crysta\Documents\stuffers\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 658.38 Mb Available Physical Memory | 64.97% Memory free
2.24 Gb Paging File | 1.98 Gb Available in Paging File | 88.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 23.30 Gb Free Space | 31.88% Space Free | Partition Type: NTFS

Computer Name: CRYSTA-LAPTOP | User Name: Crysta | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3879742938-2129086624-2673314559-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09557353-EFED-4298-969C-3C4C6C8EA901}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{28382B08-9516-40D0-9707-9AC8C3D1B85D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4970F3D8-202D-46BF-B8C6-0B8E5DE933EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4BD5448E-BA6C-4BA4-B781-9049D0016BD0}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{5D2DE405-7A07-4225-AEEA-7678F0E5BAAB}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{7DF5104A-B442-45DF-9671-D73C2F8B727B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9129C1E5-9122-4529-A5C9-02C9161B019E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A10EA54F-0617-4753-A761-72A1B1F41F56}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A95972F3-B867-45CB-97E8-CA235057D5B7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B431514B-8740-4F3F-80B1-63BAD40DD92D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C116E19A-60C0-47F9-9BAB-6C6BDEF5E836}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{ED1BDF82-05B5-497B-8FCE-21555FF21B8D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FA0A0D30-13EE-4294-88DA-CEC4F0272AFB}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{7EEE783B-C117-4DF5-B5BE-E94E99BE969B}" = calibre
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet Printer Driver Software 9.0
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"BN_DesktopReader" = NOOK for PC
"Desktop Dialer" = Desktop Dialer
"Guild Wars" = Guild Wars
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Internet Offers from Toshiba" = Internet Offers
"Kindle Auto eBook Converter" = Kindle Auto eBook Converter 0.4.50
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Full)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"N360" = Norton Security Suite
"NSS" = Norton Security Scan
"Open Season Rabbit Splat" = Open Season Rabbit Splat Screen Saver
"Picasa2" = Picasa 2
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 5.1.1.0)
"WT022084" = Bejeweled 2 Deluxe
"WT022087" = Diner Dash - Flo on the Go
"WT022090" = Mah Jong Quest
"WT022091" = Penguins!
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3879742938-2129086624-2673314559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/8/2011 9:45:50 PM | Computer Name = Crysta-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 8/8/2011 9:45:50 PM | Computer Name = Crysta-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 8/8/2011 9:45:51 PM | Computer Name = Crysta-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 8/8/2011 9:45:51 PM | Computer Name = Crysta-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 8/9/2011 12:48:03 AM | Computer Name = Crysta-Laptop | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10022)

Error - 8/9/2011 10:28:40 AM | Computer Name = Crysta-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 8/9/2011 10:28:40 AM | Computer Name = Crysta-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 8/9/2011 10:28:40 AM | Computer Name = Crysta-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 8/9/2011 10:28:40 AM | Computer Name = Crysta-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 8/9/2011 10:28:41 AM | Computer Name = Crysta-Laptop | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 8/20/2011 11:07:25 PM | Computer Name = Crysta-Laptop | Source = DCOM | ID = 10005
Description =

Error - 8/20/2011 11:07:26 PM | Computer Name = Crysta-Laptop | Source = DCOM | ID = 10005
Description =

Error - 8/20/2011 11:07:45 PM | Computer Name = Crysta-Laptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 8/20/2011 11:08:13 PM | Computer Name = Crysta-Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 8/20/2011 11:08:14 PM | Computer Name = Crysta-Laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 8/20/2011 11:08:48 PM | Computer Name = Crysta-Laptop | Source = DCOM | ID = 10005
Description =

Error - 8/20/2011 11:10:31 PM | Computer Name = Crysta-Laptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 8/20/2011 11:10:32 PM | Computer Name = Crysta-Laptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 8/20/2011 11:10:33 PM | Computer Name = Crysta-Laptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 8/20/2011 11:19:19 PM | Computer Name = Crysta-Laptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.


< End of report >
Here you go! Thanks for the help so far!
  • 0

#6
Essexboy
Posted 21 August 2011 - 03:32 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nothing visible there so lets look at the driver area

Download and Install CombofixDownload ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#7
Crysta Pebbles Rene
Posted 21 August 2011 - 09:10 AM

Crysta Pebbles Rene

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I do not have Norton running although when I ran combofix it said I did. My computer only starts up in safe mode and the only icons in the bottom right hand corner are the speaker and the wireless connection symbols. Should I uninstall Norton and then try again?

Edited by Crysta Pebbles Rene, 21 August 2011 - 09:12 AM.

  • 0

#8
Essexboy
Posted 21 August 2011 - 09:32 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No accept the warning from Combofix and let it run
  • 0

#9
Crysta Pebbles Rene
Posted 22 August 2011 - 09:45 AM

Crysta Pebbles Rene

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
This is what popped up.

combofix pic.jpg
  • 0

#10
Essexboy
Posted 22 August 2011 - 10:05 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK different tool

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

Advertisements

#11
Essexboy
Posted 26 August 2011 - 10:00 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#12
Essexboy
Posted 26 August 2011 - 12:03 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you attach the entire zip folder please

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
Megaupload
  • 0

#13
Crysta Pebbles Rene
Posted 28 August 2011 - 09:02 PM

Crysta Pebbles Rene

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I'm running it right now, I ran it once before and nothing popped up, it said it was all clean. It might take a little while I know it took hours the other day when I ran it.
  • 0

#14
Crysta Pebbles Rene
Posted 28 August 2011 - 09:33 PM

Crysta Pebbles Rene

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Oo and it keeps saying that a .rar is password protected (it went off the screen before I could save the image.
  • 0

#15
Essexboy
Posted 29 August 2011 - 04:29 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could click the link on the manual disinfection tab "AVPTool sysinfo.zip (open file manager)" it will then open a window with the zip file if you could attach that to your post I will be able to do the analysis
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP