Windows Vista issues...perhaps a redirect virus? [Closed]


  • This topic is locked

#1
slravene

I am having an issue with my Windows Vista which I believe to be some sort of malware. It first started as a simple occasional redirect of my Google searches. The computer slowed to a crawl and then ALL searches were redirected (Google, Bing, etc.). The sites that I was redirected to were not consistent.

Then it got to the point of not being able to connect to the internet at all. My computer is connected to the wireless network (as well as other computers in the house that connect and work), but the internet just will not work on this one.

Here is what I have run so far (well tried to run):
-System restore. Does not work, I get an error of “PROGRAM_ERROR_UPDATING”
-MalwareBytes. Cannot update, I get an error of “PROGRAM_ERROR_UPDATING”. It will run without the update, however I got a blue screen of death after about 35 mins of scanning. I’m not sure exactly where it freaked out…but it was in the "/Program Files" I believe…
The error info on the BSOD was:
\Minidump\Mini062612-01.dmp
\AppData\Local\Temp\WER-101010-0.sysdata.xml
\AppData\Local\Temp\WERE040.tmp.version.txt

This is where we stand. I gave up on it after the BSOD…

I have not run any other programs, as I am unsure what to do next. I have access to other computers to load a USB with combofix, hijackthis, whatever else we need to fix this. I have moved all of my files to an external hard drive…so all is safe.

I just purchased Norton a few weeks ago and it is running. I assume we will need to disable this in order to effectively run any further programs.


EDIT == I have tried the tutorial and it does not work either....
Thanks so much in advance.

Edited by slravene, 27 June 2012 - 08:27 AM.



#2
Essexboy

Hi, is this 32-bit or 64-bit? Could you try to run OTL? If it fails, we may need to work outside of Windows.

Do you have a Windows CD?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
slravene

Thanks.

Here is the OTL.txt

OTL logfile created on: 6/27/2012 9:59:19 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Tiffany\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 59.13% Memory free
5.94 Gb Paging File | 4.94 Gb Available in Paging File | 83.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.93 Gb Total Space | 198.41 Gb Free Space | 68.43% Space Free | Partition Type: NTFS
Drive E: | 1015.73 Mb Total Space | 1006.42 Mb Free Space | 99.08% Space Free | Partition Type: FAT

Computer Name: TIFFANY-PC | User Name: Tiffany | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 21:46:51 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
PRC - [2012/06/27 10:16:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Tiffany\Desktop\OTL.exe
PRC - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Norton 360\Engine\4.4.0.12\ccsvchst.exe
PRC - [2009/09/14 14:53:32 | 000,279,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 14\RMTray.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/14 15:08:30 | 000,184,320 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2008/01/29 21:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/22 18:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/01/22 15:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/21 20:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/20 22:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008/01/17 20:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/09 18:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/29 13:06:02 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/12/25 17:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 17:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/12/13 23:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/25 21:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/09/28 20:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/09/28 20:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/06/16 01:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/02/12 20:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/01/22 15:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008/01/03 00:27:40 | 000,761,856 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/01/03 00:27:38 | 000,007,680 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll
MOD - [2007/12/29 13:06:02 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
MOD - [2007/12/25 16:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 01:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/12/15 01:28:38 | 004,726,784 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2006/12/01 21:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\TBS\NotifyTBS.dll
MOD - [2006/10/10 15:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 15:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tzontservice.dll -- (ZSMC301b)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acrsch2svc.dll -- (zebrceb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\svcwmu.dll -- (XTrapD12)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mstdc.dll -- (w550mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mafwboot.dll -- (vstor2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tandpl.dll -- (vrservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aeclienthostservice.dll -- (USR1806V)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WcesComm.dll -- (tgsrvc_smartagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\maya70docserver.dll -- (SWUMX20)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\secdrv.dll -- (snoopfreesvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dtsagntsvc.dll -- (smtpd32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tap0901.dll -- (smartscaps)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SunkFilt39.dll -- (siskp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\riomsc.dll -- (sfsync04)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USA49W2KP.dll -- (se58mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ovt519.dll -- (se2Cnd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WINIO.dll -- (SDdriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wampapache.dll -- (scsk4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\axsaki.dll -- (s217unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aeaudio.dll -- (s116nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\athr.dll -- (rwbackupsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lgsnd_filter.dll -- (roxwatch)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sskbfd.dll -- (RIOUNIV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rimmptsk.dll -- (regmon701)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prevxagent.dll -- (razerusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\REVOSENS.dll -- (prism_a02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rchost.dll -- (pdengine)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\icdsptsv.dll -- (oracleoradb10g_home1isql*plus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AVerBDA.dll -- (NVXBAR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\k750mdfl.dll -- (netrcacm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DELTA.dll -- (NetMsmqActivator)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\filemon701.dll -- (MREMP50)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\naiavfilter1.dll -- (mcupdmgr.exe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ipfilterdriver.dll -- (mbmiodrvr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmudau.dll -- (lxrjd31s)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iomegaaccess.dll -- (lxcr_device)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WinVd32.dll -- (EpmShd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\StkAMini.dll -- (ELkbd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sgectl.dll -- (DNE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winpower.dll -- (dmboot)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\getPlusHelper.dll -- (dklogger)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\k750mgmt.dll -- (DC21x4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qcdonner.dll -- (db2jds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GameConsoleService.dll -- (CTMFLT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mvdcodec.dll -- (comhost)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cardex.dll -- (b57w2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgmfx86.dll -- (AYDrvNT_ALYAC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wdmaud.dll -- (amon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\intcazaudaddservice.dll -- (ageresoftmodem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pwisvc.dll -- (ADSMService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se45unic.dll -- (acermemusagecheckservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mvserver.dll -- (ac97intc)
SRV - [2012/05/04 21:17:20 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2012/05/04 19:08:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Norton 360\Engine\4.4.0.12\ccSvcHst.exe -- (N360)
SRV - [2008/01/29 21:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/21 20:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 22:23:43 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\3combootp.dll -- (ofcpfwsvc)
SRV - [2008/01/20 22:23:43 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\pctavsvc.dll -- (iksysflt)
SRV - [2008/01/20 22:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/17 20:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 17:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 21:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 20:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 21:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/12 22:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/02/12 20:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/05/16 19:58:24 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120518.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 19:58:24 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/16 19:58:24 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/16 19:58:24 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120518.048\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/15 15:26:24 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120518.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/05/07 19:28:52 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/21 22:53:36 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0404000.00C\symtdiv.sys -- (SYMTDIv)
DRV - [2011/08/21 22:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0404000.00C\symefa.sys -- (SymEFA)
DRV - [2011/08/04 00:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0404000.00C\cchpx86.sys -- (ccHP)
DRV - [2010/11/26 14:35:02 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0404000.00C\ironx86.sys -- (SymIRON)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0404000.00C\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0404000.00C\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0404000.00C\symds.sys -- (SymDS)
DRV - [2008/11/17 19:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/02/01 15:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008/01/21 19:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 22:24:53 | 000,071,680 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2008/01/15 14:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/12/17 15:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/09 18:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/18 02:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/09 20:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006/11/09 17:32:28 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 17:31:46 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/10/23 20:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\..\SearchScopes,DefaultScope = {E605734C-D29E-45D6-B657-8F38FE87790C}
IE - HKLM\..\SearchScopes\{E605734C-D29E-45D6-B657-8F38FE87790C}: "URL" = http://www.google.co...ge={startPage};


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-169701618-2999733080-3481286927-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-169701618-2999733080-3481286927-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-169701618-2999733080-3481286927-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-169701618-2999733080-3481286927-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-169701618-2999733080-3481286927-1000\..\SearchScopes,DefaultScope = {E605734C-D29E-45D6-B657-8F38FE87790C}
IE - HKU\S-1-5-21-169701618-2999733080-3481286927-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=4
IE - HKU\S-1-5-21-169701618-2999733080-3481286927-1000\..\SearchScopes\{E605734C-D29E-45D6-B657-8F38FE87790C}: "URL" = http://www.google.co...&rlz=1I7TSHB_en
IE - HKU\S-1-5-21-169701618-2999733080-3481286927-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-169701618-2999733080-3481286927-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 15:31:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/08/12 03:24:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2012/06/27 21:52:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 15:31:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-169701618-2999733080-3481286927-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-169701618-2999733080-3481286927-1000..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-169701618-2999733080-3481286927-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKU\S-1-5-21-169701618-2999733080-3481286927-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-169701618-2999733080-3481286927-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17C686DA-A987-4703-8FD0-58542214D9C5}: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FA0178F-50F1-4F61-87EC-C9814918E4A8}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - C:\Windows\System32\FastUv32.dll ()
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: szserver - File not found
NetSvcs: se58mdm - %systemroot%\system32\USA49W2KP.dll File not found
NetSvcs: DC21x4 - %systemroot%\system32\k750mgmt.dll File not found
NetSvcs: db2jds - %systemroot%\system32\qcdonner.dll File not found
NetSvcs: ZSMC301b - %systemroot%\system32\tzontservice.dll File not found
NetSvcs: s116nd5 - %systemroot%\system32\aeaudio.dll File not found
NetSvcs: lxrjd31s - %systemroot%\system32\cmudau.dll File not found
NetSvcs: USR1806V - %systemroot%\system32\aeclienthostservice.dll File not found
NetSvcs: lxcr_device - %systemroot%\system32\iomegaaccess.dll File not found
NetSvcs: RIOUNIV - %systemroot%\system32\sskbfd.dll File not found
NetSvcs: s217unic - %systemroot%\system32\axsaki.dll File not found
NetSvcs: SWUMX20 - %systemroot%\system32\maya70docserver.dll File not found
NetSvcs: se2Cnd5 - %systemroot%\system32\ovt519.dll File not found
NetSvcs: ageresoftmodem - %systemroot%\system32\intcazaudaddservice.dll File not found
NetSvcs: netrcacm - %systemroot%\system32\k750mdfl.dll File not found
NetSvcs: dklogger - %systemroot%\system32\getPlusHelper.dll File not found
NetSvcs: zebrceb - %systemroot%\system32\acrsch2svc.dll File not found
NetSvcs: vstor2 - %systemroot%\system32\mafwboot.dll File not found
NetSvcs: ac97intc - %systemroot%\system32\mvserver.dll File not found
NetSvcs: ELkbd - %systemroot%\system32\StkAMini.dll File not found
NetSvcs: prism_a02 - %systemroot%\system32\REVOSENS.dll File not found
NetSvcs: ADSMService - %systemroot%\system32\pwisvc.dll File not found
NetSvcs: siskp - %systemroot%\system32\SunkFilt39.dll File not found
NetSvcs: oracleoradb10g_home1isql*plus - %systemroot%\system32\icdsptsv.dll File not found
NetSvcs: rwbackupsrv - %systemroot%\system32\athr.dll File not found
NetSvcs: EpmShd - %systemroot%\system32\WinVd32.dll File not found
NetSvcs: acermemusagecheckservice - %systemroot%\system32\se45unic.dll File not found
NetSvcs: pdengine - %systemroot%\system32\rchost.dll File not found
NetSvcs: regmon701 - %systemroot%\system32\rimmptsk.dll File not found
NetSvcs: XTrapD12 - %systemroot%\system32\svcwmu.dll File not found
NetSvcs: vrservice - %systemroot%\system32\tandpl.dll File not found
NetSvcs: iksysflt - C:\Windows\System32\pctavsvc.dll ()
NetSvcs: w550mgmt - %systemroot%\system32\mstdc.dll File not found
NetSvcs: razerusb - %systemroot%\system32\prevxagent.dll File not found
NetSvcs: DNE - %systemroot%\system32\sgectl.dll File not found
NetSvcs: mbmiodrvr - %systemroot%\system32\ipfilterdriver.dll File not found
NetSvcs: smartscaps - %systemroot%\system32\tap0901.dll File not found
NetSvcs: b57w2k - %systemroot%\system32\Cardex.dll File not found
NetSvcs: smtpd32 - %systemroot%\system32\dtsagntsvc.dll File not found
NetSvcs: MREMP50 - %systemroot%\system32\filemon701.dll File not found
NetSvcs: roxwatch - %systemroot%\system32\lgsnd_filter.dll File not found
NetSvcs: SDdriver - %systemroot%\system32\WINIO.dll File not found
NetSvcs: CTMFLT - %systemroot%\system32\GameConsoleService.dll File not found
NetSvcs: sfsync04 - %systemroot%\system32\riomsc.dll File not found
NetSvcs: NVXBAR - %systemroot%\system32\AVerBDA.dll File not found
NetSvcs: scsk4 - %systemroot%\system32\wampapache.dll File not found
NetSvcs: NetMsmqActivator - %systemroot%\system32\DELTA.dll File not found
NetSvcs: AYDrvNT_ALYAC - %systemroot%\system32\avgmfx86.dll File not found
NetSvcs: tgsrvc_smartagent - %systemroot%\system32\WcesComm.dll File not found
NetSvcs: dmboot - %systemroot%\system32\winpower.dll File not found
NetSvcs: comhost - %systemroot%\system32\mvdcodec.dll File not found
NetSvcs: snoopfreesvc - %systemroot%\system32\secdrv.dll File not found
NetSvcs: amon - %systemroot%\system32\wdmaud.dll File not found
NetSvcs: mcupdmgr.exe - %systemroot%\system32\naiavfilter1.dll File not found
NetSvcs: ofcpfwsvc - C:\Windows\System32\3combootp.dll ()
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 21:51:07 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Tiffany\Desktop\OTL.exe
[2012/06/27 21:51:07 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Tiffany\Desktop\GooredFix.exe
[2012/06/27 21:51:06 | 004,569,121 | ---- | C] (Swearware) -- C:\Users\Tiffany\Desktop\ComboFix.exe
[2012/06/27 21:51:05 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Tiffany\Desktop\TFC.exe
[2012/06/27 21:51:04 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Tiffany\Desktop\OTM.exe
[2012/06/26 23:14:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/26 22:32:10 | 000,000,000 | ---D | C] -- C:\Users\Tiffany\AppData\Roaming\Malwarebytes
[2012/06/26 22:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/26 22:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/26 22:32:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/26 22:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/26 22:31:30 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Users\Tiffany\Desktop\winsockfix.exe
[2012/06/26 22:31:26 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Tiffany\Desktop\spybotsd162.exe
[2012/06/26 22:31:23 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tiffany\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/31 22:09:58 | 000,000,000 | ---D | C] -- C:\Users\Tiffany\Documents\Music
[2012/05/31 22:04:32 | 000,000,000 | ---D | C] -- C:\Users\Tiffany\Documents\Hair Fashion Nails
[2012/05/31 21:50:24 | 000,000,000 | ---D | C] -- C:\Users\Tiffany\Documents\Pictures & Videos
[2012/05/31 21:44:20 | 000,000,000 | ---D | C] -- C:\Users\Tiffany\Documents\Creative
[2012/05/31 21:44:02 | 000,000,000 | ---D | C] -- C:\Users\Tiffany\Documents\Misc
[2 C:\Users\Tiffany\Desktop\*.tmp files -> C:\Users\Tiffany\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/27 22:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/27 21:53:56 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/27 21:53:56 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/27 21:49:46 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2012/06/27 21:47:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 21:47:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 21:47:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 21:47:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/27 21:47:02 | 3079,528,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/27 21:46:51 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2012/06/27 10:20:06 | 004,569,121 | ---- | M] (Swearware) -- C:\Users\Tiffany\Desktop\ComboFix.exe
[2012/06/27 10:19:28 | 001,402,880 | ---- | M] () -- C:\Users\Tiffany\Desktop\HiJackThis.msi
[2012/06/27 10:17:06 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Tiffany\Desktop\TFC.exe
[2012/06/27 10:16:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Tiffany\Desktop\OTL.exe
[2012/06/27 10:05:18 | 002,109,990 | ---- | M] () -- C:\Users\Tiffany\Desktop\tdsskiller.zip
[2012/06/27 10:04:58 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Tiffany\Desktop\GooredFix.exe
[2012/06/27 10:04:16 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Tiffany\Desktop\OTM.exe
[2012/06/26 23:14:58 | 416,382,967 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/26 22:32:05 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/26 22:21:14 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 09:50:04 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Tiffany\Desktop\spybotsd162.exe
[2012/06/26 09:48:30 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Users\Tiffany\Desktop\winsockfix.exe
[2012/06/26 09:46:46 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tiffany\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/14 23:10:45 | 000,005,632 | ---- | M] () -- C:\Users\Tiffany\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/14 22:57:20 | 000,002,609 | ---- | M] () -- C:\Users\Tiffany\Desktop\Microsoft Office Word 2003.lnk
[2012/06/08 17:35:38 | 000,000,949 | ---- | M] () -- C:\Users\Tiffany\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/04 18:33:49 | 000,002,607 | ---- | M] () -- C:\Users\Tiffany\Desktop\Microsoft Office Excel 2003.lnk
[2 C:\Users\Tiffany\Desktop\*.tmp files -> C:\Users\Tiffany\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 21:51:07 | 001,402,880 | ---- | C] () -- C:\Users\Tiffany\Desktop\HiJackThis.msi
[2012/06/27 21:51:05 | 002,109,990 | ---- | C] () -- C:\Users\Tiffany\Desktop\tdsskiller.zip
[2012/06/26 23:22:44 | 3079,528,448 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/26 23:14:25 | 416,382,967 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/26 22:32:05 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/08 17:35:38 | 000,000,949 | ---- | C] () -- C:\Users\Tiffany\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/20 22:50:01 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2012/05/20 22:46:53 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2012/05/04 22:20:55 | 000,105,324 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2012/05/04 21:20:44 | 000,105,324 | ---- | C] () -- C:\Windows\System32\itldvupd.dat
[2012/05/04 21:20:44 | 000,000,197 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2012/05/04 21:17:20 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FastUv32.dll
[2011/10/17 19:47:55 | 000,002,416 | ---- | C] () -- C:\Windows\ipconfig.dat
[2011/05/18 21:50:34 | 000,001,940 | ---- | C] () -- C:\Users\Tiffany\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/13 19:06:22 | 000,049,156 | ---- | C] () -- C:\Windows\System32\certstore.dat
[2010/03/02 18:04:35 | 000,005,632 | ---- | C] () -- C:\Users\Tiffany\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/02 16:37:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/01 18:43:21 | 000,002,987 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010/02/23 11:57:59 | 000,006,648 | ---- | C] () -- C:\Users\Tiffany\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/05/16 19:22:18 | 000,000,000 | ---D | M] -- C:\Users\Tiffany\AppData\Roaming\Tific
[2010/02/23 16:38:27 | 000,000,000 | ---D | M] -- C:\Users\Tiffany\AppData\Roaming\TMP
[2010/02/25 19:48:11 | 000,000,000 | ---D | M] -- C:\Users\Tiffany\AppData\Roaming\TOSHIBA
[2010/02/25 20:00:11 | 000,000,000 | ---D | M] -- C:\Users\Tiffany\AppData\Roaming\Ulead Systems
[2011/09/10 10:02:23 | 000,000,000 | ---D | M] -- C:\Users\Tiffany\AppData\Roaming\WildTangent
[2010/02/23 14:33:35 | 000,000,000 | ---D | M] -- C:\Users\Tiffany\AppData\Roaming\WinBatch
[2012/05/31 21:31:12 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< \md5start >

< services.* >

< explorer.exe >

< winlogin.exe >

< Userinit.exe >

< svchost.exe >

< /md5stop >
Invalid Switch: md5stop

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB8429$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 22528 bytes -> C:\Windows\System32\autochk.exe:BAK
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D287FACF

< End of report >

#4
slravene

  • Topic Starter
  • Member
  • 34 posts
Here is the Extras.txt

OTL Extras logfile created on: 6/27/2012 9:59:19 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Tiffany\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 59.13% Memory free
5.94 Gb Paging File | 4.94 Gb Available in Paging File | 83.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.93 Gb Total Space | 198.41 Gb Free Space | 68.43% Space Free | Partition Type: NTFS
Drive E: | 1015.73 Mb Total Space | 1006.42 Mb Free Space | 99.08% Space Free | Partition Type: FAT

Computer Name: TIFFANY-PC | User Name: Tiffany | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{95388B29-8407-4DB0-9A57-8D2A0DD6F564}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DAFE7DF0-2436-4239-8057-4EFA6ACF86AC}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08579F6B-6700-4190-9002-6DA74E991E3C}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\pcmservice.exe |
"{12149E57-C2AE-49B3-9006-13FED00AA462}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{160CB3B4-E196-4893-A2A0-2B73F4EFC774}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{21C0DAE0-25A7-403D-971B-37963B2F1FF1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{2419103D-9AC1-470D-834E-D069504C0BC4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2488475D-7E65-4CC7-A3A3-ADFD319AE357}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{28B4598D-4673-44E5-8524-316B662F8311}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2F15DD7C-4212-4599-AB51-D2EAF2F15470}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{46B5F643-B0CA-48CD-8AF9-E860B377AB30}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{481D965C-1570-483E-8972-7316E2253A3F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{49D08C4B-AE87-451D-A4C9-42DE77D4B623}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{4EF9770C-A6CC-49A2-A1A6-3D9732E0B356}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{4F1CAD37-0054-49CD-BC8E-337E08BDB8CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{59BD2E37-4C53-4A4E-92DE-9179057EE515}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{6038AB3B-65FA-4CDF-AB0D-D3B5DCEF9412}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{629857F0-EF42-4271-AAAC-0D60BB00D322}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{6AE7AF20-9623-453F-BA9B-4635F2829E24}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{6F049CCD-9EE3-43CA-B9C7-460F61E6EBA5}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{85CC70CD-14F8-4AAE-935D-B1C4185944A9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{86094259-A039-4FCE-8855-B0C299FDC90A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8B5F940F-F001-4D73-A1C9-5BA61D708DC4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{8B960080-3A05-48B9-8DF3-E61F8B881C74}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8ECEDF7B-D87C-4886-94C0-85F12A00A340}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\powercinema.exe |
"{91C489F0-0BF2-4964-AC27-8512350E3629}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{96338ABD-940A-4530-B75F-A81AA80BC740}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{A87C5D9D-0434-4294-BF27-2950A8169709}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B47B1C81-FF1B-4A2A-969F-112B99ED0DA2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{B8478C87-4D7F-47E4-9B93-7FD605C3C433}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{CD495F6D-0588-4F61-BA5C-5FC018934303}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{E409A984-0762-448E-AE6F-540C1347AFC6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E870A7AF-0814-498C-8EE5-53DFAD8BFDDC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{F3B40E02-4C99-4DCF-9A40-F25D0F5B6C46}" = dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{372B31CF-77FB-4E29-860C-A0EA2985AB7F}" = O2Micro Flash Memory Card Reader Driver (x86)
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"Norton Utilities_is1" = Norton Utilities
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"Shop for HP Supplies" = Shop for HP Supplies
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-169701618-2999733080-3481286927-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/6/2012 12:31:47 PM | Computer Name = Tiffany-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2340

Error - 5/6/2012 12:31:48 PM | Computer Name = Tiffany-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/6/2012 12:31:48 PM | Computer Name = Tiffany-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3370

Error - 5/6/2012 12:31:48 PM | Computer Name = Tiffany-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3370

Error - 5/7/2012 7:06:10 AM | Computer Name = Tiffany-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/7/2012 7:06:10 AM | Computer Name = Tiffany-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 66865351

Error - 5/7/2012 7:06:10 AM | Computer Name = Tiffany-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 66865351

Error - 5/7/2012 7:06:11 AM | Computer Name = Tiffany-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/7/2012 7:06:11 AM | Computer Name = Tiffany-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 66866599

Error - 5/7/2012 7:06:11 AM | Computer Name = Tiffany-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 66866599

[ System Events ]
Error - 12/1/2010 10:43:29 PM | Computer Name = Tiffany-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 12/4/2010 2:55:27 PM | Computer Name = Tiffany-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 12/4/2010 2:55:27 PM | Computer Name = Tiffany-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 12/8/2010 9:04:22 PM | Computer Name = Tiffany-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004656V06.

Error - 12/8/2010 9:04:22 PM | Computer Name = Tiffany-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004656V06.

Error - 12/12/2010 4:02:39 PM | Computer Name = Tiffany-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 12/12/2010 4:02:39 PM | Computer Name = Tiffany-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004656V06.

Error - 12/15/2010 10:54:36 PM | Computer Name = Tiffany-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004656V06.

Error - 12/15/2010 10:54:36 PM | Computer Name = Tiffany-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 12/15/2010 11:04:39 PM | Computer Name = Tiffany-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >
  • 0

#5
slravene

    Member

  • Topic Starter
  • 34 posts
Also, it may be shown somewhere in those reports...but about 2/3 of the way through the scan this message popped up on the bottom tray of the computer. The scan continued and finished with this still on the screen...I don't know what this is:

OTL: OTL.exe - Corrupt File

"The file or directory C:\Users\Tiffany\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-169701618-2999733080-3481286927-1000 is corrupt and unreadable. Please run the Chkdsk utility"
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You do have some drive problems; we will check that out first and then remove the redirector.

Go to Windows Explorer
Right click the C drive and select Properties
In the Dialogue that opens select the Tools tab
By Error Checking press Check Now
In the next Check disc box that opens ensure both boxes are ticked
Press start

A dialogue will pop up saying the disc is locked and asking whether to perform the check on next boot; select Yes to this.
Reboot the computer and allow disc check to run

Once it has completed then

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0
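The drive-problem triage in the reply above can be reproduced from the "Last 20 Event Log Errors" section of the OTL report by grouping errors per source and pulling out the volumes that Ntfs reports as corrupt. This is an added example, not part of the original thread and not OTL's own code; the sample lines are constructed in the report's layout, and the names `parse_events` and `triage` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the "Last 20 Event Log Errors" section.
SAMPLE = """\
[ Application Events ]
Error - 5/7/2012 7:06:10 AM | Computer Name = EXAMPLE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 12/4/2010 2:55:27 PM | Computer Name = EXAMPLE-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 12/8/2010 9:04:22 PM | Computer Name = EXAMPLE-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004656V06.

Error - 12/15/2010 11:04:39 PM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7011
Description =
"""

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
                    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$")
SECTION = re.compile(r"^\[ (?P<name>.+?) \]\s*$")
VOLUME = re.compile(r"chkdsk utility on the volume (?P<vol>\S+?)\.?$")

def parse_events(text):
    """Return one dict per event; wrapped Description lines are re-joined."""
    events, section, current = [], None, None
    for line in text.splitlines():
        if m := SECTION.match(line):
            section, current = m["name"], None
        elif m := HEADER.match(line):
            current = dict(m.groupdict(), section=section, description="")
            events.append(current)
        elif current is not None and line.strip():
            part = line.removeprefix("Description =").strip()
            current["description"] = (current["description"] + " " + part).strip()
    return events

def triage(events):
    """Count errors per (section, source) and list volumes Ntfs reports as corrupt."""
    counts = Counter((e["section"], e["source"]) for e in events)
    hits = (VOLUME.search(e["description"]) for e in events if e["source"] == "Ntfs")
    volumes = Counter(m["vol"] for m in hits if m)
    return counts, dict(volumes)
```

Repeated Ntfs entries against the same volume across several dates, as in the report above, point to persistent file-system damage rather than a one-off fault, which is why the disk check comes before any malware removal tool is run.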

#7
slravene

    Member

  • Topic Starter
  • 34 posts
OK, I will run these ASAP and report back...thanks
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





