Jump to content


Photo
- - - - -

internet trouble


  • Please log in to reply
22 replies to this topic

#1 wormit

wormit

    Enthusiast

  • Members
  • PipPipPipPip
  • 138 posts

Posted 18 January 2012 - 08:38 AM

Hi guestolo!
I am using a wireless internet connection on my laptop. Today in the morning the internet was working as usual but suddenly the internet was connected but I cant access the internet through IE or even sign in to my messengers or anything. I turned the wireless router/modem on and off and then for like 5 minutes I can access the internet but after that I can't although the internet seems to be connected. I get the ieframe.dll notification on the ie tab and then it goes to "ie cannot display the web page. And I have to turn the router on and off again. But i dont think its a problem with the IE as i cant even access skype or yahoo messenger.
Also if I'm on a website like facebook or this website I can access that particular website for some minutes but not any other new ones.

Please help me!!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:07:13 AM, on 19/01/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CleanUp!\flashget.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\CleanUp!\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4128.1656\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_82E8758A37DCD509.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\CleanUp!\getflash.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\CleanUp!\FlashGet.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\CleanUp!\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\CleanUp!\jc_link.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsec...r/cascanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll c:\progra~1\google\google~1\goec62~1.dll
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11870 bytes

#2 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,192 posts

Posted 18 January 2012 - 08:58 AM

That's not showing any problems
Try the following however, it's a bit more detailed

Download OTL.exe by OldTimer to your Desktop.
  • Right click on OTL.exe and choose to "Run as Administrator"
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#3 wormit

wormit

    Enthusiast

  • Members
  • PipPipPipPip
  • 138 posts

Posted 18 January 2012 - 09:44 AM

OTL.txt
OTL logfile created on: 19/01/2012 1:38:32 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\EDE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 37.57% Memory free
3.98 Gb Paging File | 2.32 Gb Available in Paging File | 58.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.06 Gb Total Space | 173.66 Gb Free Space | 60.28% Space Free | Partition Type: NTFS

Computer Name: NONONO-PC | User Name: EDE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 01:33:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\EDE\Desktop\OTL.exe
PRC - [2011/10/01 14:00:40 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011/08/22 02:18:08 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/08/12 11:50:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2009/07/21 19:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 21:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 16:57:48 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
PRC - [2009/04/11 16:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 18:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/10 07:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/19 01:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 18:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 16:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/05/08 15:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/29 15:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/25 06:33:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 23:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 17:51:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 17:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 17:49:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 17:44:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 18:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/06 18:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/21 12:53:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 22:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/03 22:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 10:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/25 19:59:38 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\CleanUp!\flashget.exe
PRC - [2006/10/05 14:40:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 21:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2002/04/17 15:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 15:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/22 02:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/08/22 02:18:06 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2010/08/06 22:28:26 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/08/16 22:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/08 15:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008/03/06 15:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 17:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 02:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/09/11 21:51:34 | 001,327,184 | ---- | M] () -- C:\Program Files\CleanUp!\FGEMCORE.dll
MOD - [2007/09/11 21:51:34 | 000,626,688 | ---- | M] () -- C:\Program Files\CleanUp!\FGBTCORE.dll
MOD - [2006/10/11 05:14:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/08 05:27:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2002/04/17 15:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 15:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/08/12 11:50:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2009/07/21 19:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 21:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/28 11:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/10 07:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/19 01:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 23:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 17:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 18:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/21 12:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 22:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/03 22:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 10:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 14:40:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 21:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2010/01/06 18:41:23 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2009/12/08 19:29:43 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/11 15:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/06 12:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/03/30 15:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/18 18:27:54 | 000,029,208 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2009/02/13 17:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/10 17:12:48 | 000,307,224 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/07/18 23:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 08:59:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/17 15:36:14 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/04/15 12:35:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/17 16:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/15 05:23:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 19:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 17:41:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/21 07:41:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2004/05/12 19:46:56 | 000,542,893 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\torususb.sys -- (TaurusUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2006/09/19 08:11:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\CleanUp!\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4128.1656\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_82E8758A37DCD509.dll File not found
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\CleanUp!\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [Flashget] C:\Program Files\CleanUp!\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Sidebar] File not found
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\CleanUp!\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\CleanUp!\JC_LINK.HTM ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsec...r/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32675EF0-751A-4CBA-B96D-A4CFD3F78CCD}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) -c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) -c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Users\EDE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\EDE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c99d227-445b-11df-bfcd-001e3373d174}\Shell\AutoRun\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\winoper.exe
O33 - MountPoints2\{0c99d227-445b-11df-bfcd-001e3373d174}\Shell\open\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\winoper.exe
O33 - MountPoints2\{4c585651-299a-11df-a4b5-001e3373d174}\Shell - "" = AutoRun
O33 - MountPoints2\{4c585651-299a-11df-a4b5-001e3373d174}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4c585652-299a-11df-a4b5-001e3373d174}\Shell - "" = AutoRun
O33 - MountPoints2\{4c585652-299a-11df-a4b5-001e3373d174}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{87e6fcdc-460b-11de-9563-00216b244f28}\Shell\AutoRun\command - "" = E:\uhoxajc.cmd
O33 - MountPoints2\{87e6fcdc-460b-11de-9563-00216b244f28}\Shell\open\Command - "" = E:\uhoxajc.cmd
O33 - MountPoints2\{e0c4dc41-59ad-11df-9b6e-001e3373d174}\Shell\AutoRun\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\winoper.exe
O33 - MountPoints2\{e0c4dc41-59ad-11df-9b6e-001e3373d174}\Shell\open\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\winoper.exe
O33 - MountPoints2\{e4cab234-28c7-11df-9e74-001e3373d174}\Shell - "" = AutoRun
O33 - MountPoints2\{e4cab234-28c7-11df-9e74-001e3373d174}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4cab251-28c7-11df-9e74-001e3373d174}\Shell - "" = AutoRun
O33 - MountPoints2\{e4cab251-28c7-11df-9e74-001e3373d174}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 01:33:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\EDE\Desktop\OTL.exe
[2012/01/19 00:24:25 | 018,005,296 | ---- | C] (Microsoft Corporation) -- C:\Users\EDE\Desktop\IE9-WindowsVista-x86-enu.exe
[2012/01/19 00:07:20 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Users\EDE\Desktop\winsockfix.exe
[2012/01/19 00:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012/01/19 00:02:24 | 000,000,000 | ---D | C] -- C:\rei
[2012/01/19 00:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/01/15 23:25:50 | 000,000,000 | ---D | C] -- C:\Users\EDE\Desktop\New Folder
[2012/01/12 08:46:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/12 08:46:04 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/12 08:46:02 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/12 08:45:11 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/12 08:45:11 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/12/29 09:21:26 | 000,267,424 | ---- | C] (Reimage®) -- C:\Users\EDE\Desktop\ReimageRepair.exe
[3 C:\Users\EDE\Desktop\*.tmp files -> C:\Users\EDE\Desktop\*.tmp -> ]
[2 C:\Users\EDE\Documents\*.tmp files -> C:\Users\EDE\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/19 01:33:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\EDE\Desktop\OTL.exe
[2012/01/19 00:59:39 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{759CA514-C29C-4392-91A0-AAF799080FB5}.job
[2012/01/19 00:53:15 | 000,000,134 | ---- | M] () -- C:\Users\EDE\Desktop\Internet Explorer Troubleshooting.url
[2012/01/19 00:45:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 00:45:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 00:45:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 00:44:58 | 2009,071,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 00:25:19 | 018,005,296 | ---- | M] (Microsoft Corporation) -- C:\Users\EDE\Desktop\IE9-WindowsVista-x86-enu.exe
[2012/01/19 00:25:11 | 000,000,216 | ---- | M] () -- C:\Users\EDE\Desktop\Ieframe.dll - Res Ieframe.dll Dnserror.htm - Ieframe.dll Not Found Error - Ieframe.dll Missing.url
[2012/01/19 00:08:36 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Users\EDE\Desktop\winsockfix.exe
[2012/01/19 00:03:58 | 000,000,272 | ---- | M] () -- C:\Windows\reimage.ini
[2012/01/19 00:02:26 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/01/18 23:53:25 | 000,000,231 | ---- | M] () -- C:\Users\EDE\Desktop\Connect but can not access the internet HELP [Solved] Kioskea.net (2).url
[2012/01/18 23:51:43 | 000,000,231 | ---- | M] () -- C:\Users\EDE\Desktop\Connect but can not access the internet HELP [Solved] Kioskea.net.url
[2012/01/18 20:02:03 | 000,707,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/18 20:02:03 | 000,146,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/11 21:44:38 | 000,000,192 | ---- | M] () -- C:\Users\EDE\Desktop\YouTube to mp3 Converter.url
[2012/01/09 16:38:59 | 000,105,522 | ---- | M] () -- C:\Users\EDE\Desktop\照片n.jpg
[2011/12/29 09:21:26 | 000,267,424 | ---- | M] (Reimage®) -- C:\Users\EDE\Desktop\ReimageRepair.exe
[3 C:\Users\EDE\Desktop\*.tmp files -> C:\Users\EDE\Desktop\*.tmp -> ]
[2 C:\Users\EDE\Documents\*.tmp files -> C:\Users\EDE\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/19 00:55:16 | 000,000,424 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{759CA514-C29C-4392-91A0-AAF799080FB5}.job
[2012/01/19 00:53:13 | 000,000,134 | ---- | C] () -- C:\Users\EDE\Desktop\Internet Explorer Troubleshooting.url
[2012/01/19 00:25:10 | 000,000,216 | ---- | C] () -- C:\Users\EDE\Desktop\Ieframe.dll - Res Ieframe.dll Dnserror.htm - Ieframe.dll Not Found Error - Ieframe.dll Missing.url
[2012/01/19 00:03:14 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2012/01/19 00:02:26 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/01/18 23:53:23 | 000,000,231 | ---- | C] () -- C:\Users\EDE\Desktop\Connect but can not access the internet HELP [Solved] Kioskea.net (2).url
[2012/01/18 23:51:43 | 000,000,231 | ---- | C] () -- C:\Users\EDE\Desktop\Connect but can not access the internet HELP [Solved] Kioskea.net.url
[2012/01/11 21:44:38 | 000,000,192 | ---- | C] () -- C:\Users\EDE\Desktop\YouTube to mp3 Converter.url
[2012/01/09 16:38:59 | 000,105,522 | ---- | C] () -- C:\Users\EDE\Desktop\照片n.jpg
[2010/04/04 11:27:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010/04/04 11:27:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2010/04/04 11:27:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2010/04/04 11:27:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2010/04/04 11:27:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010/04/04 11:27:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010/04/04 11:22:07 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/04/04 11:22:07 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009/09/24 19:30:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 19:30:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 16:32:29 | 000,000,235 | ---- | C] () -- C:\Users\EDE\AppData\Roaming\devices.xml
[2009/09/16 16:32:29 | 000,000,012 | ---- | C] () -- C:\Users\EDE\AppData\Roaming\settings.xml
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/08 15:13:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/07 17:22:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/16 17:36:15 | 000,542,893 | ---- | C] () -- C:\Windows\System32\drivers\torususb.sys
[2009/06/16 17:36:15 | 000,036,864 | ---- | C] () -- C:\Windows\System32\stmclean.exe
[2009/04/19 19:25:03 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2009/04/19 19:21:59 | 000,128,512 | ---- | C] () -- C:\Users\EDE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 18:51:19 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/04/19 18:51:19 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/04/19 18:51:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/04/19 18:51:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/04/19 18:51:19 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/04/19 18:51:19 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/04/19 18:37:22 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/04/19 18:37:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/04/19 18:37:22 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/04/19 18:37:22 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/04/19 18:35:05 | 000,000,680 | ---- | C] () -- C:\Users\EDE\AppData\Local\d3d9caps.dat
[2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/07/12 06:02:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/07/12 05:55:51 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/07/12 05:55:51 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/07/12 05:55:42 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/07/12 05:55:38 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/07/12 05:21:37 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/04/24 23:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 23:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 23:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 23:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 23:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 23:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2006/11/02 23:27:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 23:17:37 | 000,411,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 23:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 21:03:01 | 000,707,222 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 21:03:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 21:03:01 | 000,146,386 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 21:03:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:53:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 19:28:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 19:05:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\perfos.dll
[2006/11/02 18:49:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 18:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:55:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Extras.txt
OTL Extras logfile created on: 19/01/2012 1:38:32 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\EDE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 37.57% Memory free
3.98 Gb Paging File | 2.32 Gb Available in Paging File | 58.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.06 Gb Total Space | 173.66 Gb Free Space | 60.28% Space Free | Partition Type: NTFS

Computer Name: NONONO-PC | User Name: EDE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{BBE2158E-4776-4FC8-9D21-9EA04BA735D6}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{E2890BC1-3973-4A35-9196-F34CC73F1583}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D0822EC-391F-4D67-A59A-F6EC1087C732}" = Seven Kingdoms Conquest
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = 3 Mobile Broadband
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{6F7ECD56-E224-4263-9B7E-158E5CECC43B}" = HP Photo and Imaging 2.1 - Scanjet 2400 Series
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BEE759C3-D111-470C-B815-36B647FA9EED}_is1" = Surprise Party v1.0
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE48D800-A3B5-43E3-B846-1CC556B8170D}" = SPSS 15.0 for Windows Evaluation Version
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Binverse_is1" = Binverse
"BLOX Forever Free Trial" = BLOX Forever Free Trial
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CleanUp!" = CleanUp!
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet" = FlashGet 1.9.6.1073
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PROHYBRIDR" = 2007 Microsoft Office system
"Reimage Repair" = Reimage Repair
"SpywareBlaster_is1" = SpywareBlaster 4.3
"StmAdsl" = Prolink H8600 ADSL Modem
"Sveerz" = Sveerz
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo!7 Messenger" = Yahoo!7 Messenger
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/01/2012 9:04:46 PM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 17/01/2012 8:12:11 PM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/01/2012 5:11:06 AM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/01/2012 5:56:49 AM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/01/2012 6:02:06 AM | Computer Name = NoNoNo-PC | Source = System Restore | ID = 8209
Description =

Error - 18/01/2012 9:12:44 AM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/01/2012 9:19:39 AM | Computer Name = NoNoNo-PC | Source = System Restore | ID = 8209
Description =

Error - 18/01/2012 9:44:03 AM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/01/2012 10:16:13 AM | Computer Name = NoNoNo-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/01/2012 11:08:19 AM | Computer Name = NoNoNo-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 10c8 Start Time: 01ccd5f2655edf1e Termination Time: 15

[ OSession Events ]
Error - 24/02/2010 4:01:53 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2942
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 12/04/2010 4:57:12 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 62
seconds with 60 seconds of active time. This session ended with a crash.

Error - 5/07/2011 8:53:12 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11224
seconds with 4440 seconds of active time. This session ended with a crash.

Error - 24/08/2011 6:41:49 PM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1039
seconds with 180 seconds of active time. This session ended with a crash.

Error - 24/09/2011 10:42:05 AM | Computer Name = NoNoNo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11165
seconds with 3300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 18/01/2012 10:22:54 AM | Computer Name = NoNoNo-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 18/01/2012 10:22:54 AM | Computer Name = NoNoNo-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 18/01/2012 10:23:04 AM | Computer Name = NoNoNo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 18/01/2012 10:23:05 AM | Computer Name = NoNoNo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 18/01/2012 10:23:05 AM | Computer Name = NoNoNo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 18/01/2012 10:23:06 AM | Computer Name = NoNoNo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 18/01/2012 10:23:06 AM | Computer Name = NoNoNo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 18/01/2012 10:23:06 AM | Computer Name = NoNoNo-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 18/01/2012 10:28:28 AM | Computer Name = NoNoNo-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00216B244F28 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 18/01/2012 11:02:13 AM | Computer Name = NoNoNo-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00216B244F28 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#4 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,192 posts

Posted 18 January 2012 - 10:10 AM

Can you do the following please
Download ComboFix from the following location

Link 1
Save it ONLY to your Desktop

--------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware/Firewall protections, usually via a right click on the System Tray icon. They may otherwise interfere with this tool


  • Double click on ComboFix.exe & follow the prompts.




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#5 wormit

wormit

    Enthusiast

  • Members
  • PipPipPipPip
  • 138 posts

Posted 18 January 2012 - 04:22 PM

ComboFix 12-01-18.04 - EDE 19/01/2012 8:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1915.929 [GMT 10.5:30]
Running from: c:\users\EDE\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
c:\users\EDE\Documents\~WRL0003.tmp
c:\users\EDE\Documents\~WRL0004.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
.
.
2012-01-18 22:09 . 2012-01-18 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-18 19:40 . 2012-01-18 19:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2E734AA-A0A9-4472-A3F2-51EF39E461EC}\offreg.dll
2012-01-18 13:33 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2E734AA-A0A9-4472-A3F2-51EF39E461EC}\mpengine.dll
2012-01-18 13:32 . 2012-01-18 13:33 -------- d-----w- C:\rei
2012-01-18 13:32 . 2012-01-18 13:32 -------- d-----w- c:\program files\Reimage
2012-01-16 21:54 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-16 21:54 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-16 21:54 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-16 21:54 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-16 21:54 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-16 21:54 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 22:17 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 22:16 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 22:16 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 22:16 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 22:16 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 22:16 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 22:15 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 22:15 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:37 . 2011-12-15 07:31 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42 . 2011-12-15 07:31 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-27 08:01 . 2011-12-15 07:31 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-15 07:31 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56 . 2011-12-15 07:31 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-21 6276408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-12 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-06 30192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-19 282624]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Flashget"="c:\program files\CleanUp!\FlashGet.exe" [2007-09-25 2007088]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-04-28 1195008]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\User_Feed_Synchronization-{759CA514-C29C-4392-91A0-AAF799080FB5}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Download All with FlashGet - c:\program files\CleanUp!\jc_all.htm
IE: &Download with FlashGet - c:\program files\CleanUp!\jc_link.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Sidebar - (no file)
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
AddRemove-FruitSmash - c:\program files\Electrotank\Fruit Smash\uninstall.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_56058B6BC444B348.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 08:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????v??Miz????>???>???>? >?H
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2385192607-1303760179-2482536860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4*‡e,g]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2385192607-1303760179-2482536860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4*‡e,g\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-19 08:45:06
ComboFix-quarantined-files.txt 2012-01-18 22:15
.
Pre-Run: 185,930,469,376 bytes free
Post-Run: 185,952,399,360 bytes free
.
- - End Of File - - 67ED23B70067F140498A24E8C41E7641

#6 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,192 posts

Posted 18 January 2012 - 04:53 PM

download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, you will be prompted to Decline or use Trial version>>>Select DECLINE
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

With that log
Can you again, right click OTL.exe and choose to "Run as Admin"
Run a fresh scan, this time only one log will open
Post back it's contents please

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#7 wormit

wormit

    Enthusiast

  • Members
  • PipPipPipPip
  • 138 posts

Posted 19 January 2012 - 09:14 PM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.19.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19088
EDE :: NONONO-PC [administrator]

20/01/2012 1:27:14 PM
mbam-log-2012-01-20 (13-27-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184511
Time elapsed: 16 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,192 posts

Posted 19 January 2012 - 09:46 PM

Thanks for the log from MBAM
How are things running now?

Can you still do the following I asked earlier

Can you again, right click OTL.exe and choose to "Run as Admin"
Run a fresh scan, this time only one log will open
Post back it's contents please


Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#9 wormit

wormit

    Enthusiast

  • Members
  • PipPipPipPip
  • 138 posts

Posted 19 January 2012 - 09:55 PM

Thanks for the log from MBAM
How are things running now?

Can you still do the following I asked earlier


Things seem to be running smoothly now but in the morning today, (now its the afternoon)I had to restart the wireless modem. When I'm on yahoo messenger I can keep using it, or if Im on a web page I can use it but cant use new ones. At the moment its running well. Might change at night! Fingers crossed!!

I was in the process of running the OTL scan when I posted the earlier post :D And Here u go:
OTL logfile created on: 20/01/2012 1:48:59 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\EDE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 35.19% Memory free
3.98 Gb Paging File | 2.39 Gb Available in Paging File | 60.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.06 Gb Total Space | 172.93 Gb Free Space | 60.03% Space Free | Partition Type: NTFS

Computer Name: NONONO-PC | User Name: EDE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 01:33:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\EDE\Desktop\OTL.exe
PRC - [2011/10/01 14:00:40 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011/08/22 02:18:08 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/08/12 11:50:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2009/07/21 19:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 21:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 16:57:48 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
PRC - [2009/04/11 16:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 18:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/10 07:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/19 01:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 18:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 16:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/05/08 15:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/29 15:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/25 06:33:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 23:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 17:51:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 17:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 17:49:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 17:44:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 18:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/06 18:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/11 22:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/03 22:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 10:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/25 19:59:38 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\CleanUp!\flashget.exe
PRC - [2006/10/05 14:40:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 21:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2002/04/17 15:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 15:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/22 02:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/08/22 02:18:06 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2010/08/06 22:28:26 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/08/16 22:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/08 15:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008/03/06 15:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 17:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 02:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/09/11 21:51:34 | 001,327,184 | ---- | M] () -- C:\Program Files\CleanUp!\FGEMCORE.dll
MOD - [2007/09/11 21:51:34 | 000,626,688 | ---- | M] () -- C:\Program Files\CleanUp!\FGBTCORE.dll
MOD - [2006/11/02 20:16:12 | 000,028,672 | ---- | M] () -- C:\Windows\System32\perfos.dll
MOD - [2006/10/11 05:14:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/08 05:27:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2002/04/17 15:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 15:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/08/12 11:50:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2009/07/21 19:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 21:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/28 11:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/10 07:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/19 01:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 23:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 17:49:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/02/06 18:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/21 12:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 22:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/03 22:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 10:53:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 14:40:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 21:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2010/01/06 18:41:23 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2009/12/08 19:29:43 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/11 15:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/06 12:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/03/30 15:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/18 18:27:54 | 000,029,208 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2009/02/13 17:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/10 17:12:48 | 000,307,224 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/07/18 23:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 08:59:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/17 15:36:14 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/04/15 12:35:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/17 16:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/15 05:23:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 19:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 17:41:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/21 07:41:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2004/05/12 19:46:56 | 000,542,893 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\torususb.sys -- (TaurusUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/01/19 08:39:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\CleanUp!\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4128.1656\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_82E8758A37DCD509.dll File not found
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\CleanUp!\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Flashget] C:\Program Files\CleanUp!\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\CleanUp!\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\CleanUp!\JC_LINK.HTM ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\CleanUp!\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsec...r/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32675EF0-751A-4CBA-B96D-A4CFD3F78CCD}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) -c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Users\EDE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\EDE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 23:50:47 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\EDE\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/19 16:26:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/19 08:45:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/19 08:18:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/19 08:17:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/19 08:17:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/19 08:17:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/19 08:17:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/19 08:17:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/19 08:10:09 | 004,387,138 | R--- | C] (Swearware) -- C:\Users\EDE\Desktop\ComboFix.exe
[2012/01/19 01:33:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\EDE\Desktop\OTL.exe
[2012/01/19 00:24:25 | 018,005,296 | ---- | C] (Microsoft Corporation) -- C:\Users\EDE\Desktop\IE9-WindowsVista-x86-enu.exe
[2012/01/19 00:07:20 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Users\EDE\Desktop\winsockfix.exe
[2012/01/19 00:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012/01/19 00:02:24 | 000,000,000 | ---D | C] -- C:\rei
[2012/01/19 00:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/01/15 23:25:50 | 000,000,000 | ---D | C] -- C:\Users\EDE\Desktop\New Folder
[2012/01/12 08:46:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/12 08:46:04 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/12 08:46:02 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/12 08:45:11 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/12 08:45:11 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/12/29 09:21:26 | 000,267,424 | ---- | C] (Reimage®) -- C:\Users\EDE\Desktop\ReimageRepair.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/20 13:57:59 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{759CA514-C29C-4392-91A0-AAF799080FB5}.job
[2012/01/20 13:23:15 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/20 13:06:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/20 13:06:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/20 13:06:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/20 13:06:00 | 2006,994,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 23:50:47 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\EDE\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/19 08:52:30 | 000,000,217 | ---- | M] () -- C:\Users\EDE\Desktop\internet trouble - TheTechGuide Forum.url
[2012/01/19 08:39:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/19 08:10:45 | 004,387,138 | R--- | M] (Swearware) -- C:\Users\EDE\Desktop\ComboFix.exe
[2012/01/19 07:29:04 | 000,707,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/19 07:29:04 | 000,146,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/19 01:33:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\EDE\Desktop\OTL.exe
[2012/01/19 00:53:15 | 000,000,134 | ---- | M] () -- C:\Users\EDE\Desktop\Internet Explorer Troubleshooting.url
[2012/01/19 00:25:19 | 018,005,296 | ---- | M] (Microsoft Corporation) -- C:\Users\EDE\Desktop\IE9-WindowsVista-x86-enu.exe
[2012/01/19 00:25:11 | 000,000,216 | ---- | M] () -- C:\Users\EDE\Desktop\Ieframe.dll - Res Ieframe.dll Dnserror.htm - Ieframe.dll Not Found Error - Ieframe.dll Missing.url
[2012/01/19 00:08:36 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Users\EDE\Desktop\winsockfix.exe
[2012/01/19 00:03:58 | 000,000,272 | ---- | M] () -- C:\Windows\reimage.ini
[2012/01/19 00:02:26 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/01/18 23:53:25 | 000,000,231 | ---- | M] () -- C:\Users\EDE\Desktop\Connect but can not access the internet HELP [Solved] Kioskea.net (2).url
[2012/01/18 23:51:43 | 000,000,231 | ---- | M] () -- C:\Users\EDE\Desktop\Connect but can not access the internet HELP [Solved] Kioskea.net.url
[2012/01/18 11:20:13 | 000,000,183 | ---- | M] () -- C:\Users\EDE\Desktop\Yahoo!7 Registration Confirmation.url
[2012/01/11 21:44:38 | 000,000,192 | ---- | M] () -- C:\Users\EDE\Desktop\YouTube to mp3 Converter.url
[2012/01/09 16:38:59 | 000,105,522 | ---- | M] () -- C:\Users\EDE\Desktop\照片n.jpg
[2011/12/29 09:21:26 | 000,267,424 | ---- | M] (Reimage®) -- C:\Users\EDE\Desktop\ReimageRepair.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/20 01:23:25 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 08:18:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 08:17:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 08:17:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 08:17:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 08:17:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/19 02:20:08 | 000,000,217 | ---- | C] () -- C:\Users\EDE\Desktop\internet trouble - TheTechGuide Forum.url
[2012/01/19 00:55:16 | 000,000,424 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{759CA514-C29C-4392-91A0-AAF799080FB5}.job
[2012/01/19 00:53:13 | 000,000,134 | ---- | C] () -- C:\Users\EDE\Desktop\Internet Explorer Troubleshooting.url
[2012/01/19 00:25:10 | 000,000,216 | ---- | C] () -- C:\Users\EDE\Desktop\Ieframe.dll - Res Ieframe.dll Dnserror.htm - Ieframe.dll Not Found Error - Ieframe.dll Missing.url
[2012/01/19 00:03:14 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2012/01/19 00:02:26 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/01/18 23:53:23 | 000,000,231 | ---- | C] () -- C:\Users\EDE\Desktop\Connect but can not access the internet HELP [Solved] Kioskea.net (2).url
[2012/01/18 23:51:43 | 000,000,231 | ---- | C] () -- C:\Users\EDE\Desktop\Connect but can not access the internet HELP [Solved] Kioskea.net.url
[2012/01/18 11:20:12 | 000,000,183 | ---- | C] () -- C:\Users\EDE\Desktop\Yahoo!7 Registration Confirmation.url
[2012/01/11 21:44:38 | 000,000,192 | ---- | C] () -- C:\Users\EDE\Desktop\YouTube to mp3 Converter.url
[2012/01/09 16:38:59 | 000,105,522 | ---- | C] () -- C:\Users\EDE\Desktop\照片n.jpg
[2010/04/04 11:27:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010/04/04 11:27:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2010/04/04 11:27:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2010/04/04 11:27:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2010/04/04 11:27:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010/04/04 11:27:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010/04/04 11:22:07 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/04/04 11:22:07 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009/09/24 19:30:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 19:30:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 16:32:29 | 000,000,235 | ---- | C] () -- C:\Users\EDE\AppData\Roaming\devices.xml
[2009/09/16 16:32:29 | 000,000,012 | ---- | C] () -- C:\Users\EDE\AppData\Roaming\settings.xml
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/08 15:13:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/07 17:22:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/16 17:36:15 | 000,542,893 | ---- | C] () -- C:\Windows\System32\drivers\torususb.sys
[2009/06/16 17:36:15 | 000,036,864 | ---- | C] () -- C:\Windows\System32\stmclean.exe
[2009/04/19 19:25:03 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2009/04/19 19:21:59 | 000,128,512 | ---- | C] () -- C:\Users\EDE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 18:51:19 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/04/19 18:51:19 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/04/19 18:51:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/04/19 18:51:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/04/19 18:51:19 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/04/19 18:51:19 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/04/19 18:37:22 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/04/19 18:37:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/04/19 18:37:22 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/04/19 18:37:22 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/04/19 18:35:05 | 000,000,680 | ---- | C] () -- C:\Users\EDE\AppData\Local\d3d9caps.dat
[2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/07/12 06:02:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/07/12 05:55:51 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/07/12 05:55:51 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/07/12 05:55:42 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/07/12 05:55:38 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/07/12 05:21:37 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/04/24 23:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 23:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 23:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 23:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 23:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 23:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2006/11/02 23:27:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 23:17:37 | 000,411,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 23:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 21:03:01 | 000,707,222 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 21:03:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 21:03:01 | 000,146,386 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 21:03:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:53:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 19:28:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 19:05:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\perfos.dll
[2006/11/02 18:49:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 18:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:55:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#10 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,192 posts

Posted 19 January 2012 - 10:00 PM

In your earlier OTL log, I seen some 033 entries that possibly pointed towards an
Autorun infection
Your thumbdrives or external harddrives may be infected

What drive letters represent your E: and F: drives?

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#11 wormit

wormit

    Enthusiast

  • Members
  • PipPipPipPip
  • 138 posts

Posted 19 January 2012 - 10:10 PM

In your earlier OTL log, I seen some 033 entries that possibly pointed towards an
Autorun infection
Your thumbdrives or external harddrives may be infected

What drive letters represent your E: and F: drives?



Ohh i see!! ur a genious guestolo!!! :D that makes sense since i dont have any connected at the moment but in the morning there might have been.

F drive is where the camera memory card goes in
E drive is the usb slot

#12 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,192 posts

Posted 19 January 2012 - 10:34 PM

Download Flash_Disinfector.exe and Save it to your Desktop.
  • Close any open browsers.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.
  • Please do so and allow the utility to clean up all those drives.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Scan the contents of those drives with your AV

Keep me informed how things are running please

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#13 wormit

wormit

    Enthusiast

  • Members
  • PipPipPipPip
  • 138 posts

Posted 20 January 2012 - 05:36 AM

I havent run the flash disinfecting tool yet but after I was connected to the internet for around 1 hour I wasnt able to access the internet again and had to restart the modem. The only things I had going on at that time was my windows media player, yahoo messenger and skype. But I was only using the windows media player. I didnt have any external drives connected to the laptop this time around. I will run the tool now.

Edit: I cant get the flash disinfectant to run? double cliecked it, redownloaded it but nothings happening?


Guestolo, something that worked for me meanwhile was using windows cleanup then restarting the laptop and the wirelss and not using windows media player. I wonder whether the problem has anything to do with either the windows media player or the mp3 files I play? I've used windows cleanup before when this happened previously but the problem continued to happen probably since I use windows media player alot. But this time since I didnt use windows media player the problem hasnt appeared for now.

#14 wormit

wormit

    Enthusiast

  • Members
  • PipPipPipPip
  • 138 posts

Posted 20 January 2012 - 06:53 AM

Nope its not the Windows media player! After like 4 hours it happened again.

#15 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,192 posts

Posted 20 January 2012 - 07:44 AM

Did you scan those external drives with your AntiVirus?

I'm assuming that Flash_Disinfector is not running because of interference from
Avira or Outpost
One, or both is flagging it as malware, but the tool is ok

Is it possible to temporarily disable your protections from both your AV and Firewall
and then try redownloading Flash_Disinfector and run it again

What versions of both AntiVir and Outpost are you running?

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#16 wormit

wormit

    Enthusiast

  • Members
  • PipPipPipPip
  • 138 posts

Posted 20 January 2012 - 07:39 PM

I scanned my laptop using Avira, malwarebites and spybot. Only avira found some viruses. The following is that log. I scanned theexternal drives and no viruses were ditected. Avira version 9.0.0.429. Outpost version 2009 ver. 6.5.1 (2725.381.0687). I disabled both av and outpost but I still cant get the flash disinfector to run.


Avira AntiVir Personal
Report file date: Saturday, 21 January 2012 04:17

Scanning for 3174701 virus strains and unwanted programs.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : NONONO-PC

Version information:
BUILD.DAT : 9.0.0.429 21701 Bytes 6/10/2010 10:04:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 21/11/2009 09:32:00
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 06:28:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 07:05:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 06:28:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 09:31:59
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 02:43:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 10:21:18
VBASE003.VDF : 7.11.19.171 2048 Bytes 20/12/2011 10:21:18
VBASE004.VDF : 7.11.19.172 2048 Bytes 20/12/2011 10:21:19
VBASE005.VDF : 7.11.19.173 2048 Bytes 20/12/2011 10:21:19
VBASE006.VDF : 7.11.19.174 2048 Bytes 20/12/2011 10:21:20
VBASE007.VDF : 7.11.19.175 2048 Bytes 20/12/2011 10:21:20
VBASE008.VDF : 7.11.19.176 2048 Bytes 20/12/2011 10:21:21
VBASE009.VDF : 7.11.19.177 2048 Bytes 20/12/2011 10:21:21
VBASE010.VDF : 7.11.19.178 2048 Bytes 20/12/2011 10:21:21
VBASE011.VDF : 7.11.19.179 2048 Bytes 20/12/2011 10:21:22
VBASE012.VDF : 7.11.19.180 2048 Bytes 20/12/2011 10:21:22
VBASE013.VDF : 7.11.19.217 182784 Bytes 22/12/2011 10:29:05
VBASE014.VDF : 7.11.19.255 148480 Bytes 24/12/2011 13:32:13
VBASE015.VDF : 7.11.20.29 164352 Bytes 27/12/2011 04:19:59
VBASE016.VDF : 7.11.20.70 180224 Bytes 29/12/2011 04:25:02
VBASE017.VDF : 7.11.20.102 240640 Bytes 2/01/2012 05:07:05
VBASE018.VDF : 7.11.20.139 164864 Bytes 4/01/2012 07:05:59
VBASE019.VDF : 7.11.20.178 167424 Bytes 6/01/2012 07:08:08
VBASE020.VDF : 7.11.20.207 230400 Bytes 10/01/2012 09:02:41
VBASE021.VDF : 7.11.20.236 150528 Bytes 11/01/2012 09:02:37
VBASE022.VDF : 7.11.21.13 135168 Bytes 13/01/2012 10:58:04
VBASE023.VDF : 7.11.21.40 163840 Bytes 16/01/2012 12:47:29
VBASE024.VDF : 7.11.21.65 1001472 Bytes 17/01/2012 12:51:10
VBASE025.VDF : 7.11.21.66 2048 Bytes 17/01/2012 12:51:12
VBASE026.VDF : 7.11.21.67 2048 Bytes 17/01/2012 12:51:14
VBASE027.VDF : 7.11.21.68 2048 Bytes 17/01/2012 12:51:17
VBASE028.VDF : 7.11.21.69 2048 Bytes 17/01/2012 12:51:17
VBASE029.VDF : 7.11.21.70 2048 Bytes 17/01/2012 12:51:17
VBASE030.VDF : 7.11.21.71 2048 Bytes 17/01/2012 12:51:18
VBASE031.VDF : 7.11.21.95 233472 Bytes 19/01/2012 12:54:45
Engineversion : 8.2.8.28
AEVDF.DLL : 8.1.2.2 106868 Bytes 26/10/2011 12:24:06
AESCRIPT.DLL : 8.1.3.97 426363 Bytes 14/01/2012 10:59:23
AESCN.DLL : 8.1.7.2 127349 Bytes 22/11/2010 21:43:03
AESBX.DLL : 8.2.4.5 434549 Bytes 2/12/2011 23:09:58
AERDL.DLL : 8.1.9.15 639348 Bytes 9/09/2011 22:34:20
AEPACK.DLL : 8.2.16.1 799094 Bytes 18/01/2012 12:52:16
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30/12/2011 04:27:39
AEHEUR.DLL : 8.1.3.18 4297079 Bytes 14/01/2012 10:59:16
AEHELP.DLL : 8.1.18.0 254327 Bytes 26/10/2011 12:22:43
AEGEN.DLL : 8.1.5.17 405877 Bytes 9/12/2011 13:19:56
AEEMU.DLL : 8.1.3.0 393589 Bytes 22/11/2010 21:42:43
AECORE.DLL : 8.1.24.3 201079 Bytes 29/12/2011 04:19:45
AEBB.DLL : 8.1.1.0 53618 Bytes 24/04/2010 07:50:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 04:17:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 10/09/2009 11:57:58
AVREP.DLL : 10.0.0.9 174120 Bytes 5/03/2011 13:05:43
AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 06:02:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 10:35:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 06:07:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 10:33:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/02/2009 03:51:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 06:02:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 11:09:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 21/11/2009 09:31:57

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +SPR,

Start of the scan: Saturday, 21 January 2012 04:17

Starting search for hidden objects.
'132614' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'CFSwMgr.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'igfxext.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'CEC_MAIN.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'op_mon.exe' - '0' Module(s) have been scanned
Scan process 'flashget.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'traybar.exe' - '1' Module(s) have been scanned
Scan process 'TCrdMain.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'TPwrMain.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'NDSTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'osk.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SmartFaceVWatchSrv.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'TosIPCSrv.exe' - '1' Module(s) have been scanned
Scan process 'TosCoSrv.exe' - '1' Module(s) have been scanned
Scan process 'TODDSrv.exe' - '1' Module(s) have been scanned
Scan process 'TNaviSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'BcmSqlStartupSvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '0' Module(s) have been scanned
Scan process 'SASCORE.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
79 processes with 79 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '51' files ).


Starting the file scan:

Begin scan in 'C:\' <S3A6609D003>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Users\EDE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-7f72fa93
[0] Archive type: ZIP
--> vload.class
[DETECTION] Contains recognition pattern of the JAVA/Stutter.U Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Stutter.K Java virus
C:\Users\EDE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\c6bd976-2c45b397
[0] Archive type: ZIP
--> pap.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.JJ Java virus
C:\Users\EDE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\ef1d97e-7aa9540a
[0] Archive type: ZIP
--> lort/border.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BN exploit
--> lort/cooter.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
--> menu/edit.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BL exploit
--> menu/file.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.BW exploit
--> menu/help.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.U exploit

Beginning disinfection:
C:\Users\EDE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-7f72fa93
[NOTE] The file was moved to '4f7ce375.qua'!
C:\Users\EDE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\c6bd976-2c45b397
[NOTE] The file was moved to '4f7be379.qua'!
C:\Users\EDE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\ef1d97e-7aa9540a
[NOTE] The file was moved to '4f4ae3a9.qua'!


End of the scan: Saturday, 21 January 2012 08:27
Used time: 2:31:21 Hour(s)

The scan has been done completely.

26085 Scanned directories
523145 Files were scanned
8 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
523135 Files not concerned
3734 Archives were scanned
2 Warnings
5 Notes
132614 Objects were scanned with rootkit scan
0 Hidden objects were found

#17 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,192 posts

Posted 20 January 2012 - 08:09 PM

How are things now running?
Did you disable both Avira and outpost before redownloading Flash_Disinfector?

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#18 wormit

wormit

    Enthusiast

  • Members
  • PipPipPipPip
  • 138 posts

Posted 20 January 2012 - 08:12 PM

How are things now running?
Did you disable both Avira and outpost before redownloading Flash_Disinfector?


Yes, disabled both. At the momentthe internet is accessible but last night it wasnt after like 4 to 5 hours after being able to

#19 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,192 posts

Posted 20 January 2012 - 08:16 PM

Which wireless router do you have?
Are you right up to date on it's firmware?
Is it a seperate router/modem?

Is it always the same time of day that the wireless is inaccessible?
You could try rebooting in safe mode with networking during the troubled times, can you connect and stay connected?

Do you want to post your own HijackThis log?
Follow the instructions posted Here

Not required, but if you would like to donate to help my fight against malware
Click Here


#20 wormit

wormit

    Enthusiast

  • Members
  • PipPipPipPip
  • 138 posts

Posted 20 January 2012 - 08:23 PM

Which wireless router do you have?
Are you right up to date on it's firmware?
Is it a seperate router/modem?

Is it always the same time of day that the wireless is inaccessible?
You could try rebooting in safe mode with networking during the troubled times, can you connect and stay connected?


i think its a adsl wireless
Im not sure about it being upto date though.Sorry, its not mine so I'm not quite sure.
Yes seperate one that connects to the phone line i think.

I guess it goes off at different times and I have to use cleanup, reboot and restart the wireless after which im able to stay connected for some hours.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users