Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I think is a bagle

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I think is a bagle

Unread postby LUPRI » January 2nd, 2011, 12:22 am

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:10:33 AM, on 1/2/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Autorun Eater\billy.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Users\Priscilla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBL5QTQN\HijackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://*.bitdefender.com
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7831 bytes
LUPRI
Active Member
 
Posts: 13
Joined: January 2nd, 2011, 12:17 am
Advertisement
Register to Remove

Re: I think is a bagle

Unread postby deltalima » January 3rd, 2011, 8:43 am

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I think is a bagle

Unread postby deltalima » January 3rd, 2011, 8:52 am

Hi LUPRI,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Please give a full description of the symptoms and why you think it is bagle.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I think is a bagle

Unread postby LUPRI » January 3rd, 2011, 11:26 am

Hi deltalima ,
Thanks for your time. I can't download any online scanner or open the page of any antivirus, when I do the message is not valid Win32 shows up.I running the combofix by CD yesterday and after that all programs were damaged.I couldn t access any program just the documents files.I got the message all had been deleted.So I restored the computer but still have the same problem.I can t download scanner or programs from antivirus.I got just the log from Hijackthis I didn t save it but I saved the log.The internet is falling only on my computer all other are working well.I m sending the log from combofix hope that helps.
2011-01-01 15:20:05 . 2011-01-01 15:20:05 886 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-TPwrMain.reg.dat
2011-01-01 15:20:05 . 2011-01-01 15:20:05 896 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SmoothView.reg.dat
2011-01-01 15:19:53 . 2011-01-01 15:19:53 160 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-00TCrdMain.reg.dat
2011-01-01 15:19:53 . 2011-01-01 15:19:53 160 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-HSON.reg.dat
2010-12-25 19:48:54 . 2010-12-25 19:48:54 570 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-PEVSystemStart.reg.dat
2010-12-25 19:48:54 . 2010-12-25 19:48:54 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
2010-12-25 19:48:54 . 2010-12-25 19:48:54 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat
2009-12-20 23:13:46 . 2011-01-02 17:23:43 5,717 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-12-20 20:10:05 . 2009-12-20 20:10:05 820 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-NDSTray.reg.dat
2009-12-20 20:10:04 . 2009-12-20 20:10:04 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-MCODS.reg.dat
2009-12-20 20:10:04 . 2009-12-20 20:10:04 546 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-mcmscsvc.reg.dat
2009-12-20 19:51:52 . 2011-01-02 17:14:11 1,130 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-05-08 04:10:23 . 2009-05-08 04:10:24 61,224 ----a-w- C:\Qoobox\Quarantine\C\Users\Priscilla\GoToAssistDownloadHelper.exe.vir
2007-11-07 10:03:18 . 2007-11-07 10:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
2007-01-05 23:16:26 . 2007-01-05 23:16:26 524,288 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\ntuser.dat{0dd9af65-9d0b-11db-8678-0016d42a45f8}.TMContainer00000000000000000001.regtrans-ms.vir
2007-01-05 23:16:25 . 2007-01-05 23:16:25 524,288 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\ntuser.dat{0dd9af55-9d0b-11db-8678-0016d42a45f8}.TMContainer00000000000000000001.regtrans-ms.vir
2006-06-23 00:27:12 . 2006-06-23 00:27:12 32,768 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\XP\EBLib.dll.vir
2006-06-23 00:27:12 . 2006-06-23 00:27:12 11,264 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\XP\TPwSav.sys.vir

that s the quarantine logs
ComboFix 10-12-31.02 - Priscilla 01/02/2011 15:14:11.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.383 [GMT -2:00]
Running from: c:\users\Priscilla\Desktop\ComboFix.exe
AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 )))))))))))))))))))))))))))))))
.

2011-01-02 17:27 . 2011-01-02 17:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-02 17:27 . 2011-01-02 17:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-01 14:49 . 2011-01-01 14:49 318976 ----a-w- c:\windows\system32\CF8732.exe
2010-12-31 09:54 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7ED5353-93EC-44E6-ABF5-610A1147498E}\mpengine.dll
2010-12-29 18:39 . 2010-12-29 18:40 -------- d-----w- c:\users\Priscilla\AppData\Roaming\QuickScan
2010-12-29 10:25 . 2010-12-29 10:25 -------- d-----w- c:\windows\BDOSCAN8
2010-12-15 21:31 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 21:26 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 21:26 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-12-15 21:26 . 2010-11-02 06:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-15 21:26 . 2010-11-02 05:57 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2010-12-15 21:15 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 21:15 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 21:15 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 21:15 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 21:15 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 21:14 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 21:14 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 21:14 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 21:14 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 21:14 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 21:14 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 21:14 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-11 10:48 . 2010-12-19 13:48 -------- d-----w- c:\users\Priscilla\AppData\Local\ElevatedDiagnostics
2010-12-11 10:24 . 2010-12-11 10:44 -------- d-----w- c:\program files\Microsoft ATS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-01 01:18 . 2010-12-01 01:18 15256 ----a-w- c:\users\Priscilla\AppData\Roaming\Microsoft\IdentityCRL\ppcrlconfig.dll
2010-11-12 20:53 . 2010-11-09 01:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 12:41 . 2009-10-03 16:28 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2008-11-27 501768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Priscilla^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Priscilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 06:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-02-06 21:39 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-07-19 17:51 65536 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-09-01 01:47 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 03:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2006-11-01 16:06 413696 ----a-w- c:\program files\Toshiba\Utilities\HWSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 03:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-30 00:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-07 01:14 34352 ----a-w- c:\program files\Toshiba\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-12-16 10:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacrokeyManager]
2008-01-22 13:50 1969824 ----a-w- c:\windows\System32\WTMKM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-10-20 17:32 2192752 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 18:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-30 00:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 03:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 16:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-11-09 18:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2004-06-10 19:48 286720 ----a-w- c:\windows\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 12:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-01-19 00:06 421888 ----a-w- c:\program files\Toshiba\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-401546728-4045782884-3945891537-1000]
"EnableNotificationsRef"=dword:00000002

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-01 30192]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
R4 WTService;WTService;c:\windows\system32\atwtusb.exe [2008-02-18 368288]
S1 aswSP;avast! Self Protection; [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-01-02 c:\windows\Tasks\User_Feed_Synchronization-{A4C8891C-4705-44B1-8F5B-2C02C97C98E0}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.toshiba.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: aol.com\free
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-02 15:28
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-02 15:31:44
ComboFix-quarantined-files.txt 2011-01-02 17:31
ComboFix2.txt 2011-01-01 15:21
ComboFix3.txt 2010-12-27 01:33
ComboFix4.txt 2010-12-26 13:03
ComboFix5.txt 2011-01-02 17:12

Pre-Run: 69,352,996,864 bytes free
Post-Run: 69,384,601,600 bytes free

- - End Of File - - 45AB4F51A46F86A99A3D8B6F2782E1D8
LUPRI
Active Member
 
Posts: 13
Joined: January 2nd, 2011, 12:17 am

Re: I think is a bagle

Unread postby deltalima » January 3rd, 2011, 12:17 pm

Hi LUPRI,

ExeFix

Please download exefix_vista from Here and save to the desktop.
  • Unzip/extract the file to its own folder.
  • Right click on exefix_vista.reg and merge the information with the registry.

Now please try to run HijackThis and post an uninstall list.

You have run Combofix several times, please give me a full history of what has happened, when did you first run Combofix?

What was the original symptom?

Did someone give you instructions to run Combofix?

When did the not valid Win32 error start? (The HijackThis log you posted is dated 2nd Jan so after that?)

Please post the contents of the file C:\qoobox\ComboFix3.txt

Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I think is a bagle

Unread postby LUPRI » January 3rd, 2011, 12:52 pm

Hi deltalima,
My computer is used for home only.We have wirelles at home and is working well to my brother and my dad'computer.
The message starts before 2nd Jan, I was looking for some help over the internet and i got the Hijackthis so I did.The original symptom is - can t download or open any online scanner, the message - not valid win32 error for all antivirus or scanner, the internet is taking to long to open any page or falling down, my msn is falling down all time.
I download the exefix and copy the contents of the file you asked.But I didn t get .. I have to download the Hijijack from where? to tend micro website?
LUPRI
Active Member
 
Posts: 13
Joined: January 2nd, 2011, 12:17 am

Re: I think is a bagle

Unread postby LUPRI » January 3rd, 2011, 12:55 pm

Sorry I forgot the log you asked for
ComboFix 09-05-05.05 - Priscilla 12/26/2010 23:28.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.221 [GMT -2:00]
Running from: c:\users\Priscilla\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
.

2010-12-15 21:26 . 2010-10-18 13:37 81920 ----a-w c:\windows\system32\consent.exe
2010-12-15 21:26 . 2010-11-02 06:01 916480 ----a-w c:\windows\system32\wininet.dll
2010-12-15 21:15 . 2010-10-18 13:31 2038272 ----a-w c:\windows\system32\win32k.sys
2010-12-15 21:15 . 2010-11-04 18:55 601600 ----a-w c:\windows\system32\schedsvc.dll
2010-12-15 21:14 . 2010-11-04 18:55 352768 ----a-w c:\windows\system32\taskschd.dll
2010-12-15 21:14 . 2010-11-04 18:56 345600 ----a-w c:\windows\system32\wmicmiplugin.dll
2010-12-15 21:14 . 2010-11-04 16:34 171520 ----a-w c:\windows\system32\taskeng.exe
2010-12-15 21:14 . 2010-11-04 18:55 270336 ----a-w c:\windows\system32\taskcomp.dll
2010-12-15 21:14 . 2010-10-28 13:27 292352 ----a-w c:\windows\system32\atmfd.dll
2010-12-15 21:14 . 2010-10-28 15:44 34304 ----a-w c:\windows\system32\atmlib.dll
2010-12-15 21:14 . 2010-06-16 15:30 72704 ----a-w c:\windows\system32\fontsub.dll
2010-12-11 10:48 . 2010-12-19 13:48 -------- d-----w c:\users\Priscilla\AppData\Local\ElevatedDiagnostics
2010-12-11 10:24 . 2010-12-11 10:44 -------- d-----w c:\program files\Microsoft ATS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-25 12:57 . 2009-08-01 05:12 -------- d-----w c:\program files\Windows Live Safety Center
2010-12-22 10:50 . 2009-05-14 22:26 -------- d-----w c:\program files\Microsoft Silverlight
2010-12-15 22:07 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2010-11-18 00:28 . 2009-05-09 00:45 -------- d-----w c:\program files\Windows Live
2010-11-18 00:12 . 2010-11-18 00:12 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2010-11-11 16:48 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2010-11-11 16:48 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2010-11-11 16:43 . 2010-11-02 21:27 -------- d-----w c:\program files\Nokia
2010-11-09 17:30 . 2010-09-11 21:04 116 ----a-w c:\users\Priscilla\AppData\Roaming\wklnhst.dat
2010-11-09 01:03 . 2007-01-05 23:14 -------- d-----w c:\program files\Common Files\Java
2010-11-09 01:00 . 2010-11-09 01:02 472808 ----a-w c:\windows\system32\deployJava1.dll
2010-11-09 01:00 . 2007-01-05 23:14 -------- d-----w c:\program files\Java
2010-11-08 02:36 . 2007-01-12 00:23 -------- d-----w c:\program files\Microsoft Money 2007
2010-11-07 20:14 . 2010-11-07 19:47 -------- d-----w c:\program files\ForCoach
2010-11-07 18:30 . 2010-11-07 18:30 -------- d-----w c:\program files\Sportplan Animator
2010-11-07 15:58 . 2010-11-07 15:56 -------- d-----w c:\program files\Bing Bar Installer
2010-11-07 15:57 . 2009-05-09 00:47 -------- d-----w c:\program files\Microsoft
2010-11-07 15:57 . 2010-11-07 15:57 -------- d-----w c:\program files\MSN Toolbar
2010-11-04 15:19 . 2010-11-02 22:16 -------- d-----w c:\program files\Common Files\Nokia
2010-11-04 01:05 . 2010-11-04 01:05 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-11-04 00:50 . 2010-11-04 00:50 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-11-04 00:08 . 2007-01-05 23:22 -------- d-----w c:\program files\TOSHIBA Games
2010-11-04 00:03 . 2010-11-02 22:06 -------- d-----w c:\program files\DIFX
2010-11-04 00:03 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstor.dat
2010-11-03 23:56 . 2010-11-03 23:56 -------- d-----w c:\program files\Common Files\PCSuite
2010-11-02 23:10 . 2010-11-02 23:10 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-11-02 22:23 . 2009-05-08 00:50 86032 ----a-w c:\users\Priscilla\AppData\Local\GDIPFONTCACHEV1.DAT
2010-11-02 22:20 . 2010-11-02 22:20 36030 ----a-w c:\windows\inf\Ovi Player\0009\tmpABC9.tmp
2010-11-02 22:20 . 2010-11-02 22:20 36030 ----a-w c:\windows\inf\Ovi Player\0000\tmpABC9.tmp
2010-11-02 22:20 . 2010-11-02 22:20 1657 ----a-w c:\windows\inf\Ovi Player\tmpABE9.tmp
2010-11-02 05:57 . 2010-12-15 21:25 43520 ----a-w c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-15 21:25 71680 ----a-w c:\windows\system32\iesetup.dll
2010-11-02 05:57 . 2010-12-15 21:25 109056 ----a-w c:\windows\system32\iesysprep.dll
2010-11-02 04:26 . 2010-12-15 21:25 133632 ----a-w c:\windows\system32\ieUnatt.exe
2010-10-28 13:20 . 2010-12-15 21:25 2048 ----a-w c:\windows\system32\tzres.dll
2010-10-19 12:41 . 2009-10-03 16:28 222080 ------w c:\windows\system32\MpSigStub.exe
2009-05-12 06:41 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot_2010-12-25_19.43.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-01-05 22:24 . 2010-12-27 00:32 84846 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-12-25 11:51 59858 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-12-27 00:32 59858 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-05-08 02:30 . 2010-12-27 00:32 16344 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-401546728-4045782884-3945891537-1000_UserData.bin
+ 2009-05-08 01:42 . 2010-12-27 01:20 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-08 01:42 . 2010-12-25 19:39 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-08 01:42 . 2010-12-25 19:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-08 01:42 . 2010-12-27 01:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-08 01:42 . 2010-12-27 01:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-08 01:42 . 2010-12-25 19:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-08 06:10 . 2010-12-26 21:42 4812 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-05-08 06:10 . 2010-12-25 03:46 4812 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2010-12-25 11:49 . 2010-12-25 11:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-27 00:30 . 2010-12-27 00:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-25 11:49 . 2010-12-25 11:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-27 00:30 . 2010-12-27 00:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-08 02:16 . 2010-12-26 23:21 291478 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:47 . 2010-12-15 22:11 326368 c:\windows\System32\FNTCACHE.DAT
+ 2006-11-02 12:47 . 2010-12-26 11:06 326368 c:\windows\System32\FNTCACHE.DAT
- 2009-05-14 03:44 . 2010-12-18 16:17 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-05-14 03:44 . 2010-12-27 01:04 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-10-26 01:25 . 2010-12-27 00:29 314216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-26 01:25 . 2010-12-25 03:46 314216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-07 04:29 . 2010-12-27 00:29 2916248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-11-07 04:29 . 2010-12-25 03:46 2916248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-10-26 01:25 . 2010-12-27 00:29 4474264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-401546728-4045782884-3945891537-1000-8192.dat
- 2010-10-26 01:25 . 2010-12-25 03:46 4474264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-401546728-4045782884-3945891537-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
2010-09-23 02:16 393600 ----a-w c:\program files\Windows Live\Companion\companioncore.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dcb7100-df86-4384-8842-8fa844297b3f}"= "c:\program files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll" [2010-09-22 612616]

[HKEY_CLASSES_ROOT\clsid\{8dcb7100-df86-4384-8842-8fa844297b3f}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w c:\windows\system32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-15 530552]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2008-11-27 501768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Priscilla^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Priscilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2e,7a,d3,c0,68,e5,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-401546728-4045782884-3945891537-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C071C503-85A9-42F0-89E4-54CCD6A59C42}"= Disabled:UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{80F569EC-A2A1-49D7-8D8C-5AFC373C2891}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{62287C3C-54B3-438F-9CA9-EDDA07791123}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{43E11F9C-81D0-4820-A48A-F65025DA4621}c:\\users\\priscilla\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\priscilla\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"UDP Query User{553F2B2C-A47B-421F-AB32-B3794F3A78DA}c:\\users\\priscilla\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\priscilla\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"{96E5F764-9A0B-47AF-8CFF-A9F973594282}"= Disabled:UDP:c:\program files\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{5A30DD2B-3838-4C6A-B120-5A6D64724DB5}"= Disabled:TCP:c:\program files\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{217F1CF8-55CF-4180-8E54-7DD50D8B5A40}c:\\program files\\toshiba games\\jeopardy\\jeopardy!.exe"= UDP:c:\program files\toshiba games\jeopardy\jeopardy!.exe:JEOPARDY!
"UDP Query User{B4F80CE4-802D-4867-B742-6FB7741DE03B}c:\\program files\\toshiba games\\jeopardy\\jeopardy!.exe"= TCP:c:\program files\toshiba games\jeopardy\jeopardy!.exe:JEOPARDY!
"{47CB65B3-C149-4966-BF44-64289EC0F8C4}"= c:\program files\Windows Live\Contacts\wlcomm.exe:Windows Live Communications Platform
"{098E5F0D-FF7E-4FC2-B4CF-50B799579B2C}"= UDP:2869:LocalSubnet:LocalSubnet:Windows Live Communications Platform (UPnP)
"{3505BFD3-F8D7-4262-B75F-270C194FB126}"= TCP:1900:LocalSubnet:LocalSubnet:Windows Live Communications Platform (SSDP)
"{592187B8-333A-4B84-86BF-641207C3E91D}"= c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{7EE17A10-C352-490F-9ACC-CBA832E5A142}"= c:\program files\Windows Live\Mesh\MOE.exe:Windows Live Mesh

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"{9A20D066-3FCA-4E85-BC17-FDAD15039145}"= UDP:33701|%ProgramFiles%\Windows Live\Mesh\wlcrasvc.exe|Svc=wlcrasvc:@%ProgramFiles%\Windows Live\Mesh\WLRemoteServiceResource.dll,-103

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/22/2009 3:30 PM 114768]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/6/2009 7:06 AM 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/22/2009 3:30 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/22/2009 3:29 PM 53328]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [5/11/2009 1:03 AM 21504]
R3 vhidmini;Root Enumerated Hid Device;c:\windows\System32\drivers\walvhid.sys [9/11/2010 7:40 PM 5504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [11/17/2010 10:27 PM 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [9/23/2010 12:21 AM 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/5/2007 9:24 PM 30192]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [7/26/2010 12:24 PM 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [7/26/2010 12:24 PM 8576]
S3 PAC7302;PC Camera;c:\windows\System32\drivers\PAC7302.SYS [6/13/2009 1:06 AM 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63da696c-fd2a-11df-9f0c-0016d49627c5}]
\shell\AutoRun\command - E:\urDrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eeed216-ed93-11df-aa42-0016d49627c5}]
\shell\AutoRun\command - E:\NokiaPCIA_Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba2a9ce8-3c13-11df-a4c0-0016d49627c5}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2010-12-26 c:\windows\Tasks\User_Feed_Synchronization-{A4C8891C-4705-44B1-8F5B-2C02C97C98E0}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.toshiba.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: {{0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\Windows Live\Companion\companioncore.dll
Trusted Zone: aol.com\free
Trusted Zone: bitdefender.com
TCP: {65662E2E-651C-42AB-879C-6FA9DACE8229} = 200.175.182.139,200.175.5.139
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-26 23:29
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5380)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_por-br.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
Completion time: 2010-12-27 23:33
ComboFix-quarantined-files.txt 2010-12-27 01:33
ComboFix2.txt 2010-12-26 13:03
ComboFix3.txt 2010-12-25 19:51
ComboFix4.txt 2010-01-21 12:05
ComboFix5.txt 2010-12-27 01:27

Pre-Run: 76,258,734,080 bytes free
Post-Run: 76,151,283,712 bytes free

258 --- E O F --- 2010-12-24 09:19
LUPRI
Active Member
 
Posts: 13
Joined: January 2nd, 2011, 12:17 am

Re: I think is a bagle

Unread postby deltalima » January 3rd, 2011, 1:42 pm

Hi LUPRI,

The Combofix log shows that you were running an old version from May 2009, did you have a malware issue back then? And was it resolved?

I download the exefix and copy the contents of the file you asked.But I didn t get


Please let me know exactly what happened when you did this.

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

.. I have to download the Hijijack from where? to tend micro website?


  • Download HJTInstall.exe to your Desktop.
  • Remove the old version by clicking Start >> Control Panel >> Add and Remove Programs and select HijackThis then click Remove
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I think is a bagle

Unread postby LUPRI » January 3rd, 2011, 3:15 pm

the log from exehelp

exeHelper by Raktor
Build 20100414
Run at 17:04:58 on 01/03/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

and the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:48 PM, on 1/3/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Autorun Eater\billy.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7306 bytes
LUPRI
Active Member
 
Posts: 13
Joined: January 2nd, 2011, 12:17 am

Re: I think is a bagle

Unread postby deltalima » January 3rd, 2011, 3:50 pm

Hi LUPRI,

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Rkill

Please download Rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • A notepad windows will open, please post the contents in your next reply
  • This log can also be found at C:\rkill.log
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I think is a bagle

Unread postby LUPRI » January 3rd, 2011, 9:38 pm

Hi Deltalima,
uninstall_list


Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Photoshop.com Inspiration Browser
Adobe Reader 9.4.1
Adobe Shockwave Player
Atheros Driver Installation Program
Autorun Eater v2.3
avast! Antivirus
Bing Bar
Bing Bar Platform
Bluetooth Stack for Windows by Toshiba
Brother MFL-Pro Suite
Cavalaria Real das Princesas, da Disney
CD/DVD Drive Acoustic Silencer
Clifford Pensando & Aprendendo
Concentration
D3DX10
Disney Peter Pan Aventuras na Terra do Nunca
Double Play - The Family Feud Bundle
DVD MovieFactory for TOSHIBA
Fiction Fixers Adventures in Wonderland
FindyKill
Google Desktop
Great Adventures - Lost in Mountains
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Internet Offers
Java(TM) 6 Update 22
Java(TM) SE Runtime Environment 6
Junk Mail filter update
Love and Death - Bitten
Magic Encyclopedia
Magic Encyclopedia - Illusions
Magic Encyclopedia - Moon Light
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Kingdom for the Princess
My Kingdom for the Princess 2
Mystery Masterpiece - The Moonstone
Mystery P.I. - The London Caper
Nokia Connectivity Cable Driver
Nokia Ovi Player
Nokia Ovi Suite
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Internet Access
Nokia PC Internet Access
Nokia PC Suite
Nokia PC Suite
Nokia_Multimedia_Common_Components_2_5
OGA Notifier 2.0.0048.0
Ovi Desktop Sync Engine
OviMPlatform
PaperPort Image Printer
PC Camera
PC Connectivity Solution
Pen Pad Driver with Macro Key Manager
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Roads of Rome
ScanSoft PaperPort 11
SCRABBLE
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Wizard's Pen
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Trivia Machine
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Voobys
WildTangent Games
Windows 7 Upgrade Advisor
Windows Driver Package - Nokia Modem (06/09/2010 4.5)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
WinDVD for TOSHIBA
WinRAR archiver
Word Symphony
Word Up
XP Codec Pack
LUPRI
Active Member
 
Posts: 13
Joined: January 2nd, 2011, 12:17 am

Re: I think is a bagle

Unread postby LUPRI » January 3rd, 2011, 9:52 pm

rkill log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/03/2011 at 23:50:29.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 01/03/2011 at 23:50:36.
LUPRI
Active Member
 
Posts: 13
Joined: January 2nd, 2011, 12:17 am

Re: I think is a bagle

Unread postby LUPRI » January 3rd, 2011, 10:45 pm

Hi Deltalima,
I did all ...
the problem was only when I restart the system , It was logging forever and didn t finish correctly
and now the windows shows up the message it blocked startup programs .The program it s blocked - malwarebytes anti malware
here is the log from malware
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5450

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/4/2011 12:09:24 AM
mbam-log-2011-01-04 (00-09-24).txt

Scan type: Quick scan
Objects scanned: 144202
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\priscilla\favorites\mp3 download free.url (Rogue.Link) -> Quarantined and deleted successfully.
LUPRI
Active Member
 
Posts: 13
Joined: January 2nd, 2011, 12:17 am

Re: I think is a bagle

Unread postby deltalima » January 4th, 2011, 7:03 am

Hi LUPRI,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator.. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I think is a bagle

Unread postby LUPRI » January 4th, 2011, 8:57 am

Hi Deltalima,
the log
OTL logfile created on: 1/4/2011 10:46:47 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Priscilla\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 63.32 Gb Free Space | 57.39% Space Free | Partition Type: NTFS

Computer Name: PRISCILLA-PC | User Name: Priscilla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Priscilla\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Program Files\Autorun Eater\billy.exe (Old McDonald's Farm)
PRC - C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Toshiba\IVP\ISM\pinger.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Priscilla\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\odbc32.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Journal\NBMapTIP.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mfc42u.dll (Microsoft Corporation)
MOD - C:\Windows\System32\odbcint.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (WTService) -- C:\Windows\System32\atwtusb.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (hwusbdev) -- C:\Windows\System32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (catchme) -- C:\Users\PRISCI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (vhidmini) -- C:\Windows\System32\drivers\walvhid.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (KR3NPXP) -- C:\Windows\system32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (snpstd) -- C:\Windows\System32\drivers\snpstd.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-401546728-4045782884-3945891537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE - HKU\S-1-5-21-401546728-4045782884-3945891537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/11/04 13:17:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/11/04 13:17:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/01/01 13:15:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll File not found
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: UacDisableNotify = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-401546728-4045782884-3945891537-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-401546728-4045782884-3945891537-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe File not found
O15 - HKU\S-1-5-21-401546728-4045782884-3945891537-1000\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-401546728-4045782884-3945891537-1000\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Toshiba-1.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Toshiba-1.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 19:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/04 10:44:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Priscilla\Desktop\OTL.exe
[2011/01/04 00:01:40 | 000,000,000 | ---D | C] -- C:\Users\Priscilla\AppData\Roaming\Malwarebytes
[2011/01/04 00:01:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/04 00:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/04 00:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/04 00:01:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/04 00:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/03 23:55:30 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Priscilla\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/03 17:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/03 17:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/01/03 17:09:13 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Priscilla\Desktop\HJTInstall.exe
[2011/01/03 14:37:30 | 000,000,000 | ---D | C] -- C:\Users\Priscilla\Desktop\exefix_vista
[2011/01/02 18:56:56 | 000,000,000 | ---D | C] -- C:\FindyKill
[2011/01/02 15:31:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/01/02 15:11:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/01/01 13:21:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/01 12:55:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/01 12:49:17 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF8732.exe
[2010/12/29 16:39:08 | 000,000,000 | ---D | C] -- C:\Users\Priscilla\AppData\Roaming\QuickScan
[2010/12/29 08:25:13 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/12/26 19:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill
[2010/12/15 19:26:16 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/15 19:26:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/15 19:26:01 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/15 19:25:59 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/15 19:25:59 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/15 19:25:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/15 19:25:58 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/15 19:25:57 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/15 19:25:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/15 19:25:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/15 19:25:56 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/15 19:25:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/15 19:25:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/15 19:25:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/15 19:25:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/15 19:25:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/15 19:25:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/15 19:25:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/15 19:25:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/15 19:15:06 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/15 19:14:59 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/15 19:14:59 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/15 19:14:57 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/15 19:14:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/15 19:14:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/15 19:14:34 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/11 08:48:57 | 000,000,000 | ---D | C] -- C:\Users\Priscilla\AppData\Local\ElevatedDiagnostics
[2010/12/11 08:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2004/11/24 16:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[2004/05/25 21:21:08 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2004/02/16 17:59:50 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[3 C:\Users\Priscilla\Desktop\*.tmp files -> C:\Users\Priscilla\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/04 10:44:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Priscilla\Desktop\OTL.exe
[2011/01/04 10:20:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/04 10:20:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/04 10:20:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/04 00:52:31 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A4C8891C-4705-44B1-8F5B-2C02C97C98E0}.job
[2011/01/04 00:01:29 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/03 23:55:30 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Priscilla\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/03 23:42:54 | 000,780,283 | ---- | M] () -- C:\Users\Priscilla\Desktop\rkill.scr
[2011/01/03 23:32:03 | 000,001,845 | ---- | M] () -- C:\Users\Priscilla\Desktop\HijackThis.lnk
[2011/01/03 17:09:14 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Priscilla\Desktop\HJTInstall.exe
[2011/01/03 17:02:26 | 000,000,632 | ---- | M] () -- C:\Users\Priscilla\Desktop\exefix_vista.zip
[2011/01/01 13:15:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/01 12:55:29 | 004,012,301 | R--- | M] () -- C:\Users\Priscilla\Desktop\ComboFix.exe
[2011/01/01 12:53:40 | 000,621,596 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/01 12:53:39 | 000,111,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/01 12:49:00 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF8732.exe
[2010/12/30 07:34:36 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/27 01:38:54 | 000,023,844 | ---- | M] () -- C:\Users\Priscilla\Documents\Bolo de abacaxi com recheio de doce de leite.docx
[2010/12/26 22:15:16 | 000,070,837 | ---- | M] () -- C:\Users\Priscilla\Desktop\Setup.exe
[2010/12/26 09:06:23 | 000,326,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/24 09:05:51 | 000,014,024 | ---- | M] () -- C:\Users\Priscilla\Documents\Planejamento anual 2011 Educação Física 2 Grau.docx
[2010/12/23 18:17:54 | 000,029,696 | ---- | M] () -- C:\Users\Priscilla\Desktop\cardapio.doc
[2010/12/23 17:03:23 | 000,015,736 | ---- | M] () -- C:\Users\Priscilla\Documents\2011.docx
[2010/12/22 21:19:58 | 000,002,423 | ---- | M] () -- C:\Users\Priscilla\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Ovi Player.lnk
[2010/12/22 17:49:56 | 000,027,481 | ---- | M] () -- C:\Users\Priscilla\Documents\2010.docx
[2010/12/21 01:14:08 | 000,242,176 | ---- | M] () -- C:\Users\Priscilla\Desktop\notasdobimestre.doc
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 17:44:11 | 000,000,162 | -H-- | M] () -- C:\Users\Priscilla\Desktop\~$tasdobimestre.doc
[2010/12/20 17:26:32 | 000,186,880 | ---- | M] () -- C:\Users\Priscilla\Desktop\notas.doc
[2010/12/20 16:18:25 | 000,000,162 | -H-- | M] () -- C:\Users\Priscilla\Desktop\~$notas.doc
[2010/12/19 10:36:11 | 000,001,717 | ---- | M] () -- C:\Users\Priscilla\Desktop\Fix it - Microsoft ATS.lnk
[2010/12/18 09:56:59 | 000,054,784 | ---- | M] () -- C:\Users\Priscilla\Desktop\Chamada 1...xls
[2010/12/18 09:31:26 | 000,072,618 | ---- | M] () -- C:\Users\Priscilla\Documents\conteudo 1a.docx
[2010/12/16 15:57:41 | 000,052,736 | ---- | M] () -- C:\Users\Priscilla\Desktop\1ACHAMADA.xls
[2010/12/16 12:44:33 | 000,052,736 | ---- | M] () -- C:\Users\Priscilla\Desktop\Chamadaartes.xls
[2010/12/16 10:34:43 | 000,068,096 | ---- | M] () -- C:\Users\Priscilla\Desktop\Conteudo ...doc
[2010/12/15 22:31:46 | 000,030,896 | ---- | M] () -- C:\Users\Priscilla\Documents\prova de recu.docx
[2010/12/15 14:55:12 | 000,019,419 | ---- | M] () -- C:\Users\Priscilla\Documents\conteudo 2a.docx
[2010/12/15 10:09:58 | 003,289,088 | ---- | M] () -- C:\Users\Priscilla\Documents\My Money.mny
[2010/12/14 14:31:36 | 000,026,266 | ---- | M] () -- C:\Users\Priscilla\Documents\COLÉGIO ESTADUAL ALMIRANTE TAMANDARÉ.docx
[2010/12/09 00:43:08 | 004,325,096 | ---- | M] () -- C:\Users\Priscilla\Documents\praec.docx
[2010/12/06 23:56:12 | 000,059,392 | ---- | M] () -- C:\Users\Priscilla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Users\Priscilla\Desktop\*.tmp files -> C:\Users\Priscilla\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/04 00:01:29 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/03 23:42:47 | 000,780,283 | ---- | C] () -- C:\Users\Priscilla\Desktop\rkill.scr
[2011/01/03 17:10:21 | 000,001,845 | ---- | C] () -- C:\Users\Priscilla\Desktop\HijackThis.lnk
[2011/01/03 14:35:32 | 000,000,632 | ---- | C] () -- C:\Users\Priscilla\Desktop\exefix_vista.zip
[2010/12/30 07:32:10 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/27 00:38:17 | 000,023,844 | ---- | C] () -- C:\Users\Priscilla\Documents\Bolo de abacaxi com recheio de doce de leite.docx
[2010/12/26 22:15:14 | 000,070,837 | ---- | C] () -- C:\Users\Priscilla\Desktop\Setup.exe
[2010/12/26 19:24:24 | 001,227,755 | ---- | C] () -- C:\Users\Priscilla\Desktop\FindyKill.exe
[2010/12/25 17:40:26 | 004,012,301 | R--- | C] () -- C:\Users\Priscilla\Desktop\ComboFix.exe
[2010/12/24 09:05:15 | 000,014,024 | ---- | C] () -- C:\Users\Priscilla\Documents\Planejamento anual 2011 Educação Física 2 Grau.docx
[2010/12/23 18:17:49 | 000,029,696 | ---- | C] () -- C:\Users\Priscilla\Desktop\cardapio.doc
[2010/12/23 10:20:03 | 000,015,736 | ---- | C] () -- C:\Users\Priscilla\Documents\2011.docx
[2010/12/20 17:44:11 | 000,000,162 | -H-- | C] () -- C:\Users\Priscilla\Desktop\~$tasdobimestre.doc
[2010/12/20 16:18:25 | 000,000,162 | -H-- | C] () -- C:\Users\Priscilla\Desktop\~$notas.doc
[2010/12/20 16:01:54 | 000,242,176 | ---- | C] () -- C:\Users\Priscilla\Desktop\notasdobimestre.doc
[2010/12/20 15:38:09 | 000,186,880 | ---- | C] () -- C:\Users\Priscilla\Desktop\notas.doc
[2010/12/19 10:36:11 | 000,001,717 | ---- | C] () -- C:\Users\Priscilla\Desktop\Fix it - Microsoft ATS.lnk
[2010/12/16 12:47:58 | 000,052,736 | ---- | C] () -- C:\Users\Priscilla\Desktop\1ACHAMADA.xls
[2010/12/15 20:04:49 | 000,030,896 | ---- | C] () -- C:\Users\Priscilla\Documents\prova de recu.docx
[2010/12/15 19:43:17 | 000,052,736 | ---- | C] () -- C:\Users\Priscilla\Desktop\Chamadaartes.xls
[2010/12/15 14:55:11 | 000,019,419 | ---- | C] () -- C:\Users\Priscilla\Documents\conteudo 2a.docx
[2010/12/15 11:04:05 | 000,072,618 | ---- | C] () -- C:\Users\Priscilla\Documents\conteudo 1a.docx
[2010/12/15 10:30:50 | 000,054,784 | ---- | C] () -- C:\Users\Priscilla\Desktop\Chamada 1...xls
[2010/12/15 10:30:19 | 000,068,096 | ---- | C] () -- C:\Users\Priscilla\Desktop\Conteudo ...doc
[2010/12/13 22:47:01 | 000,026,266 | ---- | C] () -- C:\Users\Priscilla\Documents\COLÉGIO ESTADUAL ALMIRANTE TAMANDARÉ.docx
[2010/09/11 19:39:13 | 000,180,224 | ---- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2010/09/11 19:39:12 | 000,008,798 | ---- | C] () -- C:\Windows\System32\Vista.ini
[2010/09/11 19:39:12 | 000,008,467 | ---- | C] () -- C:\Windows\System32\XP_2000.ini
[2010/09/11 19:39:12 | 000,000,574 | ---- | C] () -- C:\Windows\System32\MKProfile.ini
[2010/09/11 19:39:11 | 000,006,991 | ---- | C] () -- C:\Windows\aiptbl.ini
[2010/09/11 19:04:16 | 000,000,116 | ---- | C] () -- C:\Users\Priscilla\AppData\Roaming\wklnhst.dat
[2010/07/31 22:45:32 | 000,000,100 | ---- | C] () -- C:\Windows\CBP.INI
[2010/07/19 03:15:53 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2010/07/14 18:10:04 | 000,002,469 | ---- | C] () -- C:\Windows\disney.ini
[2010/07/14 18:09:52 | 000,000,205 | ---- | C] () -- C:\Windows\disneysy.ini
[2010/03/26 11:56:15 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/03/26 11:56:15 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/03/26 11:53:47 | 000,000,212 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/03/26 11:53:47 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/03/26 11:43:09 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/01/08 14:58:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/20 21:49:31 | 000,157,696 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/12/20 21:49:28 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009/10/18 15:43:41 | 000,000,680 | ---- | C] () -- C:\Users\Priscilla\AppData\Local\d3d9caps.dat
[2009/08/03 20:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/13 01:06:57 | 000,000,323 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2009/06/13 01:06:49 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2009/06/04 20:29:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/07 23:00:53 | 000,059,392 | ---- | C] () -- C:\Users\Priscilla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/02/12 00:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/01/05 21:35:18 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/01/05 20:59:02 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/01/05 20:59:02 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/01/05 20:59:02 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/01/05 20:59:02 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/01/05 20:59:02 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/01/05 20:59:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/01/05 20:35:11 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/01/05 20:35:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/01/05 20:35:11 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/01/05 20:35:11 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006/11/29 03:12:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2006/11/24 13:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/02 10:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/31 23:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/08/10 21:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 20:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/23 03:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004/10/12 03:40:58 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2004/10/12 03:39:48 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2004/10/12 03:39:08 | 000,110,592 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2004/10/09 03:40:16 | 000,454,144 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2004/10/05 05:16:08 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2004/10/03 14:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
[2004/06/17 20:26:08 | 000,330,880 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
[2004/05/06 15:22:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd.dll
[2003/01/17 21:34:40 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini

< End of report >

OTL Extras logfile created on: 1/4/2011 10:46:47 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Priscilla\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 63.32 Gb Free Space | 57.39% Space Free | Partition Type: NTFS

Computer Name: PRISCILLA-PC | User Name: Priscilla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-401546728-4045782884-3945891537-1000]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{098E5F0D-FF7E-4FC2-B4CF-50B799579B2C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0D64B463-8A4D-4202-85DC-E5FBE4BE69A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{0D969C7F-3D2F-4754-9B67-9F68611CD4D3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{0E3A84BD-EA3B-4CAC-9EFE-ACBFCECD42C7}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{130BCABF-2DEE-4B90-BB9D-DCE6EF1294FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{180CCA58-61B3-4C01-93FF-7FEE7A8AEDE8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1E9BBBA0-0ED2-4C6B-BF19-B0953129525C}" = lport=80 | protocol=6 | dir=in | name=windows remote management - compatibility mode (http-in) |
"{2E189CFF-F94F-4DA2-8B8B-99FC622524A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{3505BFD3-F8D7-4262-B75F-270C194FB126}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3B91C151-6CEF-4D99-891D-08F10C0C7487}" = lport=445 | protocol=6 | dir=in | app=system |
"{3E24A4FF-4D1D-4608-8768-5E6558876500}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4B32E56D-88B0-4FB3-9D31-0645F500B3C8}" = lport=1701 | protocol=17 | dir=in | app=system |
"{4F68FF90-625E-411E-B3FE-178DD38614B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{5E000032-8595-4828-9225-0CA060CFFC12}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6015F051-DE9D-4CEF-B687-B15E72065D5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6466960D-1B26-4C0B-A29A-0A60B21AD961}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{6476C264-D412-44B3-9804-A7656D605F74}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{6F0E6A4C-59C5-4095-AA46-86A0A519203D}" = lport=443 | protocol=6 | dir=in | app=system |
"{788966F4-562C-4705-A069-DDA9E92DCD10}" = lport=5985 | protocol=6 | dir=in | app=system |
"{7EEA7A0C-0103-445A-BB7C-7455FE2F2294}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{88A8424D-DF9B-4DF7-B022-702BC1DF0805}" = lport=1723 | protocol=6 | dir=in | app=system |
"{91D2F3A6-8DFC-4CC9-B7BC-438FA97DFBE3}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |
"{AA836401-0156-4988-89EC-1435129A1BB9}" = rport=1723 | protocol=6 | dir=out | app=system |
"{B08D002A-EB9A-47A5-B838-0AAAD0EF1FEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C4D74B34-ED04-4474-9435-E581D850A8F2}" = rport=1701 | protocol=17 | dir=out | app=system |
"{C7EC4B50-1C47-4E00-B002-15C13CA42193}" = lport=445 | protocol=6 | dir=in | app=system |
"{D673824E-BC82-4283-9E39-412124C3752B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F789FD9F-B40B-491B-B5F0-B54ECFD244D5}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |
"{FE45C72D-69CD-4E34-BD02-0C0C3A8F2E4F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087A9F9D-0B4D-49C9-AD57-39AED8312828}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{15DA8E6C-BF90-40DC-95CF-365437D88F5C}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{3CF9C7BF-1684-465E-9278-647725E00433}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{47CB65B3-C149-4966-BF44-64289EC0F8C4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{592187B8-333A-4B84-86BF-641207C3E91D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{62287C3C-54B3-438F-9CA9-EDDA07791123}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7627BE6A-8E58-4112-9AD0-F30E2F0C5D76}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{7EE17A10-C352-490F-9ACC-CBA832E5A142}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{80F569EC-A2A1-49D7-8D8C-5AFC373C2891}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8935EA50-AAE2-4D10-9532-21D7C72FC8A8}" = protocol=6 | dir=out | app=system |
"{B2AA8CC8-36A9-492C-87A4-DBB78395D02E}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{F13A98B3-3D81-4C27-88A8-C01077C7113F}" = protocol=6 | dir=out | app=system |
"{F94876B4-DFB1-46A8-9815-C741FEFBA978}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"TCP Query User{103C835A-6494-459E-B0E8-825C2440DF86}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{EA50698C-553A-4A75-8879-C5D97DA12CE3}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{F72511FC-D0CB-4EA3-8F76-66E9289E5C64}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FFC766E4-E139-49F3-97CD-DE87EE864611}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{30BC3B96-A6EF-4884-BF55-41267001D630}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{676A47AA-8C27-4DB2-805A-00DE591E1940}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{C3B70263-8D14-4762-83B9-9EF144AC1476}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{F1EDA838-888A-4CA2-AD94-7C4EFE30A699}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1226B9A5-FBFD-4120-9AED-08CABCDAF3AB}" = Nokia Ovi Player
"{1245703E-0A41-4C00-BF3B-24273105DA32}" = Nokia PC Internet Access
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2387D970-F42D-4278-AA40-7B727F9721FC}" = Cavalaria Real das Princesas, da Disney
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F651796-EC48-4A33-87D9-6866D3022052}" = Nokia Connectivity Cable Driver
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
"{A6B0E526-D1E8-11D5-AA2E-0008C760B784}" = Disney Peter Pan Aventuras na Terra do Nunca
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B72257D6-189D-4CB0-9CDC-26A93536C34B}" = Voobys
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4423F16-0E98-4855-BFF4-3EF016C55D67}" = Nokia_Multimedia_Common_Components_2_5
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = TOSHIBA Software Modem
"Autorun Eater_is1" = Autorun Eater v2.3
"avast!" = avast! Antivirus
"Clifford Pensando" = Clifford Pensando & Aprendendo
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Internet Offers from Toshiba" = Internet Offers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2007b" = Microsoft Money Essentials
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Internet Access" = Nokia PC Internet Access
"Nokia PC Suite" = Nokia PC Suite
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Rmtablet" = Pen Pad Driver with Macro Key Manager
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT015809" = SCRABBLE
"WTA-0bfddcfa-407e-4a56-9a3e-d1fd71105d42" = Word Symphony
"WTA-0fc0b6c9-a2a9-47a3-a444-9e1503f74c34" = Concentration
"WTA-341ee816-6e48-49a6-bf1a-6f502bedd6a8" = Magic Encyclopedia - Illusions
"WTA-39a5a014-740b-4f85-b709-5b9fac666124" = Great Adventures - Lost in Mountains
"WTA-3d746fe7-f520-4941-8b39-498c7ab29bcd" = Double Play - The Family Feud Bundle
"WTA-72f7a990-99b4-47e1-ab54-c8166298906e" = Fiction Fixers Adventures in Wonderland
"WTA-85c3b241-c2fa-481f-afb5-8a3652f2b498" = Trivia Machine
"WTA-9285d7a8-9fc9-4693-9af5-309f508c1cc8" = Word Up
"WTA-95c51a9d-cf4e-4e36-8023-6a61dce7b201" = Mystery Masterpiece - The Moonstone
"WTA-a9ec5f71-55c2-44b6-aedb-858672c1f6a6" = Magic Encyclopedia - Moon Light
"WTA-b5a169ea-5912-4af5-8f96-d29979b68e0d" = My Kingdom for the Princess 2
"WTA-b68ce683-b8a2-4cce-9a75-dbd864de80f1" = Mystery P.I. - The London Caper
"WTA-dba1f752-8e52-4bcd-aa27-f95bf112f1f5" = Roads of Rome
"WTA-dc540705-5616-4bd9-a3b3-050c598409f3" = Love and Death - Bitten
"WTA-e048856a-2b36-4377-a723-d4686fdd7ba9" = Magic Encyclopedia
"WTA-fc5ebe87-71dc-43c7-98b2-30aac6be6b24" = The Wizard's Pen
"WTA-fe4dd5d8-f0f5-4521-9f62-5c8805619404" = My Kingdom for the Princess
"XP Codec Pack" = XP Codec Pack

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/23/2010 10:11:26 PM | Computer Name = Priscilla-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2007-09-18 viagem ao brasil 2007 setembro\viagem ao brasil 2007 setembro 030.JPG
failed, 00000017.

Error - 7/23/2010 10:13:40 PM | Computer Name = Priscilla-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2007-09-18 viagem ao brasil 2007 setembro\viagem ao brasil 2007 setembro 031.JPG
failed, 00000017.

Error - 7/23/2010 10:15:43 PM | Computer Name = Priscilla-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2007-09-18 viagem ao brasil 2007 setembro\viagem ao brasil 2007 setembro 032.JPG
failed, 00000017.

Error - 7/23/2010 10:17:42 PM | Computer Name = Priscilla-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2007-09-18 viagem ao brasil 2007 setembro\viagem ao brasil 2007 setembro 033.JPG
failed, 00000017.

Error - 7/23/2010 10:19:57 PM | Computer Name = Priscilla-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2007-09-18 viagem ao brasil 2007 setembro\viagem ao brasil 2007 setembro 034.JPG
failed, 00000017.

Error - 8/9/2010 11:15:48 PM | Computer Name = Priscilla-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Autorun Eater\billy.exe failed, 0000000D.

Error - 8/19/2010 5:22:40 PM | Computer Name = Priscilla-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

Error - 11/2/2010 12:34:58 PM | Computer Name = Priscilla-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\quartz.dll failed, 00000005.

Error - 12/27/2010 10:34:54 PM | Computer Name = Priscilla-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Autorun Eater\billy.exe failed, 0000000D.

Error - 12/29/2010 9:40:58 PM | Computer Name = Priscilla-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Autorun Eater\billy.exe failed, 0000000D.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
LUPRI
Active Member
 
Posts: 13
Joined: January 2nd, 2011, 12:17 am
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 291 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware