Wells Fargo Phishing Pop-Up

9 replies to this topic

#1 smurf_inferno

Posted 02 December 2011 - 06:35 AM

I logged into my Wells Fargo online banking accounts yesterday and got a pop-up that said "In order to provide you with extra security, we occasionally need to ask for additional information when you access your accounts online." It would not let me past without filling in info, which I did not want to do. Ticked off, I called Wells Fargo, where I was told that it wasn't theirs and that I'd "been hacked." The pop-up only occurs on the Wells Fargo site and it only occurs after the log-in page. I tried logging in through both Firefox (8.0) and Internet Explorer (8.0). Same pop-up. I ran my system's Panda Endpoint Protection scan. The pop-up persists.

Any ideas?

Ran Malwarebytes' Anti-Malware, TFC, OTL, and Security Check. Logs below.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8285

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/1/2011 9:14:44 AM
mbam-log-2011-12-01 (09-14-44).txt

Scan type: Quick scan
Objects scanned: 207787
Time elapsed: 7 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 12/1/2011 11:51:33 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\rfindlay\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 57.66% Memory free
3.81 Gb Paging File | 2.85 Gb Available in Paging File | 74.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 132.43 Gb Total Space | 66.61 Gb Free Space | 50.30% Space Free | Partition Type: NTFS

Computer Name: M700-09-205 | User Name: rfindlay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/01 23:50:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\OTL.exe
PRC - [2011/06/27 09:33:38 | 000,140,544 | ---- | M] (Panda Security) -- C:\Program Files\Panda Security\WaAgent\Scheduler\PavSched.exe
PRC - [2011/06/10 11:22:06 | 000,314,696 | ---- | M] (Panda Security) -- C:\Program Files\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
PRC - [2011/05/31 11:11:50 | 000,206,664 | ---- | M] (Panda Security) -- C:\Program Files\Panda Security\WaAgent\WasWD\WasWD.exe
PRC - [2011/05/31 11:09:52 | 000,322,376 | ---- | M] (Panda Security) -- C:\Program Files\Panda Security\WaAgent\WasAgent\WasAgent.exe
PRC - [2011/05/17 15:05:34 | 000,342,344 | ---- | M] (Panda Security) -- C:\Program Files\Panda Security\WAC\PsCtrlS.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/09/21 17:06:48 | 000,140,096 | ---- | M] (Panda Security) -- C:\Program Files\Panda Security\WAC\PsCtrlC.exe
PRC - [2010/08/16 13:32:48 | 000,027,968 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\WAC\psksvc.exe
PRC - [2010/07/27 11:24:34 | 000,087,360 | ---- | M] (Panda Security International) -- C:\Program Files\Panda Security\WAC\WEBPROXY.EXE
PRC - [2010/07/14 18:42:28 | 000,313,152 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\WAC\pavsrvx86.exe
PRC - [2010/06/25 11:36:28 | 000,107,328 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\WAC\PSIMSVC.EXE
PRC - [2010/05/28 11:42:34 | 000,225,088 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\WAC\avengine.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/12 18:23:02 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TTPDSRV.exe
PRC - [2007/11/01 15:11:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/10/12 14:10:48 | 000,806,912 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
PRC - [2007/10/08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/10/08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/09/29 17:33:48 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2007/09/27 15:15:14 | 000,095,528 | ---- | M] () -- C:\WINDOWS\system32\WacomTouchService.exe
PRC - [2007/09/27 15:12:52 | 000,107,816 | ---- | M] () -- C:\WINDOWS\system32\WTouchUser.exe
PRC - [2007/09/07 17:11:28 | 000,531,072 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2007/08/28 17:09:56 | 001,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/08/28 17:09:52 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/08/28 17:09:46 | 000,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/08/22 19:26:00 | 000,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2007/07/19 17:27:18 | 004,765,184 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007/05/22 11:50:02 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/04/13 20:16:16 | 000,311,296 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/04/09 20:07:02 | 000,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2007/01/09 15:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/08/09 21:48:08 | 000,344,144 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
PRC - [2006/07/20 21:49:32 | 000,327,680 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe
PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/05/19 14:13:00 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
PRC - [2006/04/26 19:35:02 | 000,090,112 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2006/04/10 20:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/03/16 15:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/12/14 14:00:32 | 000,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe
PRC - [2005/11/29 22:45:36 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005/06/28 22:43:00 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe
PRC - [2005/05/17 13:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe
PRC - [2005/01/17 18:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/12/16 13:56:52 | 000,090,112 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
PRC - [2004/06/30 18:29:34 | 000,049,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe
PRC - [2004/02/24 17:57:32 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMETEMnu.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 19:19:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/12 19:19:25 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/12 19:17:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/12 19:16:59 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/12 19:16:47 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/12 17:11:40 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 17:11:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 17:05:55 | 001,855,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\system\1.0.3300.0__b77a5c561934e089_a9ab4c1a\system.dll
MOD - [2011/10/12 17:05:46 | 003,301,376 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_5f1b90a4\mscorlib.dll
MOD - [2011/06/27 09:33:38 | 000,103,680 | ---- | M] () -- C:\Program Files\Panda Security\WaAgent\Common\MiniCrypto.dll
MOD - [2011/06/27 09:33:38 | 000,046,336 | ---- | M] () -- C:\Program Files\Panda Security\WaAgent\Common\APIcr.dll
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2008/06/17 09:53:29 | 001,179,648 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll
MOD - [2008/06/17 09:51:48 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SKLibrary\1.7.2600.5512__31bf3856ad364e35\SKLibrary.dll
MOD - [2008/06/17 09:51:48 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SoftKeyboardLogic\1.7.2600.5512__31bf3856ad364e35\SoftKeyboardLogic.dll
MOD - [2008/06/17 09:51:47 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SoftKeyboardInterface\1.7.2600.5512__31bf3856ad364e35\Interop.SoftKeyboardInterface.dll
MOD - [2008/04/13 18:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/11/23 20:57:34 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll
MOD - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2007/10/08 15:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/09/27 15:15:14 | 000,095,528 | ---- | M] () -- C:\WINDOWS\system32\WacomTouchService.exe
MOD - [2007/09/27 15:12:52 | 000,107,816 | ---- | M] () -- C:\WINDOWS\system32\WTouchUser.exe
MOD - [2007/07/19 17:27:18 | 004,765,184 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2007/06/18 13:04:32 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\WAC\MiniCrypto.dll
MOD - [2007/06/18 13:04:30 | 000,099,888 | ---- | M] () -- C:\Program Files\Panda Security\WAC\APIcr.dll
MOD - [2007/05/17 15:42:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
MOD - [2004/08/04 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/06/27 09:33:38 | 000,140,544 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files\Panda Security\WaAgent\Scheduler\PavSched.exe -- (PavAt3Scheduler)
SRV - [2011/06/10 11:22:06 | 000,314,696 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe -- (PavWASLpMng)
SRV - [2011/05/31 11:11:50 | 000,206,664 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files\Panda Security\WaAgent\WasWD\WasWD.exe -- (WASWD)
SRV - [2011/05/31 11:09:52 | 000,322,376 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files\Panda Security\WaAgent\WasAgent\WasAgent.exe -- (WASAgent)
SRV - [2011/05/17 15:05:34 | 000,342,344 | ---- | M] (Panda Security) [Auto | Running] -- C:\Program Files\Panda Security\WAC\PsCtrlS.exe -- (Panda Software Controller)
SRV - [2010/08/16 13:32:48 | 000,027,968 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Security\WAC\psksvc.exe -- (PskSvc)
SRV - [2010/07/14 18:42:28 | 000,313,152 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\WAC\pavsrvx86.exe -- (PavSrv)
SRV - [2010/06/25 11:36:28 | 000,107,328 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\WAC\PSIMSVC.EXE -- (PSImSvc)
SRV - [2009/12/07 12:51:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/03 13:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2007/11/12 18:23:02 | 000,073,728 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TTPDSRV.exe -- (TTPDSrv)
SRV - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/27 15:15:14 | 000,095,528 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\WacomTouchService.exe -- (WacomTouchService)
SRV - [2007/09/07 17:11:28 | 000,531,072 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/08/28 17:09:56 | 001,464,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel®
SRV - [2007/08/28 17:09:52 | 000,182,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®
SRV - [2007/08/28 17:09:46 | 000,121,368 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/12/14 14:00:32 | 000,126,976 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/01/17 18:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - [2011/05/05 13:07:12 | 000,062,152 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\amm8651.sys -- (AmFSM)
DRV - [2008/07/03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/11/06 17:25:36 | 000,101,888 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/01 16:38:56 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/09/06 18:28:44 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/08/27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/07/30 14:44:58 | 000,030,248 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wisdpen.sys -- (wisdpen)
DRV - [2007/07/12 12:41:52 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/04/27 12:19:00 | 000,021,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/04/16 11:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/03/26 14:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/03/09 17:23:18 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/02/22 17:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/22 14:55:10 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2007/02/21 20:20:36 | 000,435,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2007/02/19 14:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007/02/15 18:44:00 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2007/01/24 16:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/23 05:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/23 18:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2004/06/16 13:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/09/13 00:48:50 | 000,008,832 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBtnKey.sys -- (TBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "TenchisTV Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2411669&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com//?oref=login"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ece24dcf-8548-4655-b392-47a388721482}:3.7.0.6
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\rfindlay\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\rfindlay\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 22:26:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 22:26:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\rfindlay\Application Data\Move Networks [2010/01/22 08:17:06 | 000,000,000 | ---D | M]

[2009/08/24 15:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Extensions
[2011/11/29 18:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Firefox\Profiles\uodrzgum.default\extensions
[2010/04/27 07:16:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Firefox\Profiles\uodrzgum.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/29 18:05:14 | 000,000,000 | ---D | M] (TenchisTV Community Toolbar) -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Firefox\Profiles\uodrzgum.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}
[2011/09/01 23:38:00 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\rfindlay\Application Data\Mozilla\Firefox\Profiles\uodrzgum.default\searchplugins\conduit.xml
[2011/11/09 22:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/05/05 10:32:39 | 000,236,669 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8286 more lines...
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Panda Software Controller Client] C:\Program Files\Panda Security\WAC\PSCtrlC.exe (Panda Security)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAcelMgr] C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRot.exe] c:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TSkrMain] C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WTouchUser] C:\WINDOWS\system32\WTouchUser.exe ()
O4 - HKCU..\Run: [{991627DC-332F-D17D-0503-A24A66E8D3EC}] C:\Documents and Settings\rfindlay\Application Data\Syahbi\icetowy.exe ()
O4 - HKCU..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Panda Security\WAC\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Panda Security\WAC\pavlsp.dll (Panda Software International)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spa.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{833D61C5-4222-4DED-A90C-4D6AABF0AC6F}: DhcpNameServer = 192.168.0.1 205.171.2.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TosBtNP: DllName - (TosBtNP.dll) - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O20 - Winlogon\Notify\TSigNP: DllName - (TSigNP.dll) - C:\WINDOWS\System32\TSigNP.dll (TOSHIBA)
O24 - Desktop WallPaper: C:\Documents and Settings\rfindlay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\rfindlay\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/23 20:59:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 23:49:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\OTL.exe
[2011/12/01 23:29:10 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\TFC.exe
[2011/12/01 08:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\Application Data\Malwarebytes
[2011/12/01 08:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/01 08:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/01 08:57:58 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/01 08:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/30 09:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\My Documents\Stadium
[2011/11/27 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\Application Data\Syahbi
[2011/11/27 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\Application Data\Qywoom
[2011/11/11 08:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/03 11:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\My Documents\Conferences
[2007/11/23 22:17:53 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2007/11/23 22:17:53 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe
[1 C:\Documents and Settings\rfindlay\Desktop\*.tmp files -> C:\Documents and Settings\rfindlay\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/01 23:57:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/01 23:50:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\OTL.exe
[2011/12/01 23:43:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 23:41:51 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/01 23:38:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/01 23:29:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rfindlay\Desktop\TFC.exe
[2011/12/01 15:13:17 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\rfindlay\Application Data\Microsoft\Internet Explorer\Quick Launch\OneNote 2007.lnk
[2011/12/01 15:05:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/01 08:58:04 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/01 08:49:10 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\rfindlay\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/11/27 23:36:29 | 000,027,811 | ---- | M] () -- C:\Documents and Settings\rfindlay\My Documents\houstons-hope-gary-kubiak.jpg
[2011/11/26 13:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/25 11:43:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/09 22:26:59 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\rfindlay\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/09 15:59:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/06 05:38:54 | 000,467,430 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 05:38:54 | 000,080,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\Documents and Settings\rfindlay\Desktop\*.tmp files -> C:\Documents and Settings\rfindlay\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/01 08:58:04 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/27 23:36:06 | 000,027,811 | ---- | C] () -- C:\Documents and Settings\rfindlay\My Documents\houstons-hope-gary-kubiak.jpg
[2011/11/09 22:26:59 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\rfindlay\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/09 22:26:59 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2010/09/28 22:07:47 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/28 22:07:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7020.DAT
[2010/08/19 20:23:52 | 000,056,264 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/21 11:42:14 | 000,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
[2010/06/22 22:17:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/07 12:24:42 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/10/23 15:17:02 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\rfindlay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/04 08:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2008/12/09 12:35:32 | 000,000,133 | ---- | C] () -- C:\WINDOWS\AdminIE.ini
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/15 14:10:21 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
[2008/05/15 13:24:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/05 11:46:20 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2008/05/05 11:46:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2008/05/05 11:43:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/02 13:15:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/02 13:13:55 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2008/05/02 13:12:01 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/05/02 13:12:00 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/05/02 13:12:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/05/02 13:12:00 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/05/02 13:05:44 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/02 13:05:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/23 22:52:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/11/23 22:52:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/11/23 22:52:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/11/23 22:52:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/11/23 22:52:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/11/23 22:52:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/11/23 22:32:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2007/11/23 22:17:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2007/11/23 22:15:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/11/23 22:14:57 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2007/11/23 21:00:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/23 20:56:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/23 19:45:57 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2007/11/23 19:45:40 | 000,000,339 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/11/23 19:45:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\gtfirstboot.exe
[2007/11/23 19:41:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/11/23 19:41:38 | 000,467,430 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/11/23 19:41:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/11/23 19:41:38 | 000,080,480 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/11/23 19:41:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/11/23 19:41:36 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/11/23 19:41:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/11/23 19:41:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/11/23 19:41:22 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/11/23 19:41:22 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/11/23 19:41:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/11/23 19:40:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/11/23 12:54:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/23 12:53:46 | 001,677,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/05 15:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2000/02/25 20:08:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\rfindlay\Local Settings\Application Data\fusioncache.dat
[2000/01/01 08:58:32 | 000,107,816 | ---- | C] () -- C:\WINDOWS\System32\WTouchUser.exe
[2000/01/01 08:58:01 | 000,095,528 | ---- | C] () -- C:\WINDOWS\System32\WacomTouchService.exe

========== LOP Check ==========

[2008/05/15 14:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
[2009/08/24 15:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2011/04/30 08:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/06/28 06:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2011/06/21 23:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/25 15:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/11 09:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/27 14:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\CiscoCAA
[2010/09/27 12:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\CoreFTP
[2011/10/12 19:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Dropbox
[2010/10/15 11:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\HandBrake
[2009/09/21 11:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Inspiration Software
[2007/11/27 07:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\InterVideo
[2011/10/12 19:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Nvu
[2010/09/20 15:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\OpenOffice.org
[2011/12/01 15:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Qywoom
[2011/04/22 08:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Serif
[2011/11/27 15:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Syahbi
[2011/03/24 08:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\toshiba
[2007/11/23 22:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\WinBatch
[2009/08/27 07:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Windows Desktop Search
[2009/12/14 16:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rfindlay\Application Data\Windows Search
[2011/12/01 23:41:51 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C1A9365

< End of report >

OTL Extras logfile created on: 12/1/2011 11:51:33 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\rfindlay\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 57.66% Memory free
3.81 Gb Paging File | 2.85 Gb Available in Paging File | 74.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 132.43 Gb Total Space | 66.61 Gb Free Space | 50.30% Space Free | Partition Type: NTFS

Computer Name: M700-09-205 | User Name: rfindlay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 10.0.12.0/24

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application.
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater.
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\rfindlay\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\rfindlay\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Program Files\Panda Security\WaAgent\WasAgent\WasAgent.exe" = C:\Program Files\Panda Security\WaAgent\WasAgent\WasAgent.exe -- (Panda Security)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"C:\Program Files\Vernier Software\LabQuest Emulator\NGIODevMgrX.exe" = C:\Program Files\Vernier Software\LabQuest Emulator\NGIODevMgrX.exe:*:Enabled:LabQuest Emulator
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\rfindlay\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\rfindlay\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Program Files\Panda Security\WaAgent\WasAgent\WasAgent.exe" = C:\Program Files\Panda Security\WaAgent\WasAgent\WasAgent.exe -- (Panda Security)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{02418C87-F90C-4E47-8BA6-16226B35D9C3}" = Serif MoviePlus X3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
"{0759CACC-6CF9-4C3C-92C5-39668679AB16}" = Microsoft Ink Desktop
"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{106F886B-A874-43DF-BCC4-01DB57E1F3C6}" = Windows Movie Maker 2 Winter Fun Pack
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14081443-583A-4605-BB91-83D38ADAC939}" = Microsoft Windows XP Tablet PC Edition 2005 Recognizer Pack
"{1759CACC-6CF9-4C3C-92C5-39668679AB17}" = Microsoft Ink Crossword
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BDC1AB0-2677-4593-8F94-329F7CA8F670}" = Adobe Creative Suite 3 Design Premium
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{2175F2B1-E91A-4FA8-98B4-1558D2E09A53}" = Calculator for Tablet PC
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.5.1.0
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{2782822A-FC21-41A3-8D12-FA4F131A7A8A}" = My Font Tool for Tablet PC
"{27956219-3692-47F3-AAB7-11E5A29523B0}" = LoggerPro3
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{347D1603-FA83-4B2C-B504-8BC1FF59DB50}" = Digital Photography Winter Fun Pack
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{38F05DF0-0094-4FF7-A9BA-BCBF410A513B}" = Dictionary Tool for Tablet PC
"{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}" = TOSHIBA Mobile Extension3
"{3C26E039-BE18-4B5E-A723-45390C451819}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Titles
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{4023F044-5120-4372-BCE4-0E226BAD3FAF}" = Power Paint Tool for Tablet PC
"{40FFC202-F842-44C7-ACBE-8B0EA690B1A3}" = Microsoft Education Pack for Windows XP Tablet PC Edition
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{49690597-1A6D-4E44-9060-DBDAFD2607C6}" = Microsoft Physics Illustrator for Tablet PC
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}" = Paint.NET v3.31
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B2029A4-1854-42BC-96B6-4ACE5F5414BD}" = ArtRage 2 Starter Edition
"{5CA11D9C-5434-497A-BB45-5DD21CAA1734}" = JumpingMinds TabletFlash
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7049A7F0-6AD3-4233-A520-90F9C1BEE0D1}" = Thumbnail View
"{75418375-F957-468A-B5ED-FD3799434F5B}" = SPA Drive Z
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8853C080-7F5C-4020-B663-C57FE29BB858}" = Microsoft Snipping Tool 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D7D72F7-4557-420B-9D1D-CF70CF2D2924}" = Writing Practice Tool For Tablet PC
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FBF2E93-C2CE-4F94-A1E2-94ACDB7AE1B2}" = Web Search Power Tool For Tablet PC
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A117C809-A34F-4D18-BFD1-917B20FC9F31}" = Panda Endpoint Protection
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6264FF6-C49D-4533-AF42-4875C38BB24C}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A973170F-E401-4498-BED0-A541C439885F}" = Tablet PC Composition Tool
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype? 5.5
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Fran?ais, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Fran?ais, Deutsch
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC971CEE-1480-479D-81AF-1CB4D10467B0}" = TOSHIBA Tablet Access Code Logon Utility
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C12EB29D-9D64-4ACA-84C2-33D8729AABD3}" = Microsoft Experience Pack for Tablet PC
"{C477AD8D-6695-47F5-AC6A-9C11045C97B5}" = Tic-Tac-Toe
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8BA6802-38DA-43F9-8ACB-73161C277C9A}" = Adobe Setup
"{C92A5A89-B218-46F7-8898-77C52113FFE0}" = Adobe Setup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE48AA2A-508F-45FD-BEEF-CD14447228AB}" = Panda Endpoint Agent
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0F136FF-8BD5-4650-9E79-17162D30C12D}" = Windows XP Creativity Fun Packs - Digital Photography
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6E83A9E-35A3-4994-B129-C6726E761D99}" = Art Tool for Tablet PC
"{D8A7DBA8-8466-490D-962B-6DB5C5FB13F2}" = Drawing Animator Toy for Tablet PC
"{DA2D4D11-1811-4A24-B719-BF9F048C6106}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF9A74FD-6C54-4B04-8D27-001AEE5A6476}" = TOSHIBA Rotation Utility
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9D35D9E-B417-4FFD-9725-5FC247A8BAE5}" = Word Search Game For Tablet PC
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F550C3E2-96CA-4054-87AA-873EAEEAA219}" = Writing Recognition Game
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6C2D09F-6C82-48BB-A9D5-6A0478F52BD6}" = Microsoft Media Transfer
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Across Lite 2.0" = Across Lite 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_498b43b77cac072081a5692bfc52804" = Add or Remove Adobe Creative Suite 3 Design Premium
"Adobe_bbef028176efa5abf0233d3e1747be8" = Adobe Fireworks CS3
"Audacity_is1" = Audacity 1.2.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core FTP LE 2.1" = Core FTP LE 2.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Insight 6.2" = Insight 6.2
"InstallShield_{27956219-3692-47F3-AAB7-11E5A29523B0}" = Logger Pro 3.7.0.1
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MESOL" = Intel® Active Management Technology Device Software
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nvu_is1" = Nvu 1.0
"PCOP Agent" = Panda Endpoint Agent
"PCOP Endpoint" = Panda Endpoint Protection
"Picasa 3" = Picasa 3
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Scratch" = Scratch
"Tablet Driver" = Wacom Tablet
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME" = Uninstall for TOSHIBA Mobile Extension3
"TOSHIBA Accelerometer Utilities" = TOSHIBA Accelerometer Utilities
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2011 1:23:01 AM | Computer Name = M700-09-205 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 12/2/2011 1:24:05 AM | Computer Name = M700-09-205 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 12/2/2011 1:24:38 AM | Computer Name = M700-09-205 | Source = UserInit | ID = 1000
Description = Could not execute the following script logon.vbs. The system cannot
find the file specified. .

Error - 12/2/2011 1:25:16 AM | Computer Name = M700-09-205 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for SPA\rfindlay failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 12/2/2011 1:37:46 AM | Computer Name = M700-09-205 | Source = UserInit | ID = 1000
Description = Could not execute the following script logoff.vbs. The system cannot
find the file specified. .

Error - 12/2/2011 1:39:59 AM | Computer Name = M700-09-205 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 12/2/2011 1:40:01 AM | Computer Name = M700-09-205 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 12/2/2011 1:43:33 AM | Computer Name = M700-09-205 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 12/2/2011 1:44:06 AM | Computer Name = M700-09-205 | Source = UserInit | ID = 1000
Description = Could not execute the following script logon.vbs. The system cannot
find the file specified. .

Error - 12/2/2011 1:44:51 AM | Computer Name = M700-09-205 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for SPA\rfindlay failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ OSession Events ]
Error - 2/1/2010 12:26:07 PM | Computer Name = M700-09-205 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7834
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 6/25/2010 5:16:39 PM | Computer Name = M700-09-205 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 179
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/2/2010 12:34:43 PM | Computer Name = M700-09-205 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12920
seconds with 420 seconds of active time. This session ended with a crash.

Error - 9/21/2010 4:15:11 PM | Computer Name = M700-09-205 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22148
seconds with 600 seconds of active time. This session ended with a crash.

Error - 10/15/2010 6:11:19 PM | Computer Name = M700-09-205 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 215
seconds with 180 seconds of active time. This session ended with a crash.

Error - 11/17/2010 4:13:57 PM | Computer Name = M700-09-205 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 12465
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 1/9/2011 1:43:03 AM | Computer Name = M700-09-205 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51879
seconds with 15960 seconds of active time. This session ended with a crash.

Error - 3/29/2011 10:35:39 AM | Computer Name = M700-09-205 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 571
seconds with 480 seconds of active time. This session ended with a crash.

Error - 3/31/2011 12:24:17 PM | Computer Name = M700-09-205 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12128
seconds with 1140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/2/2011 1:30:06 AM | Computer Name = M700-09-205 | Source = Service Control Manager | ID = 7034
Description = The Panda Endpoint Watchdog service terminated unexpectedly. It has
done this 1 time(s).

Error - 12/2/2011 1:30:06 AM | Computer Name = M700-09-205 | Source = Service Control Manager | ID = 7034
Description = The TOSHIBA Bluetooth Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/2/2011 1:30:06 AM | Computer Name = M700-09-205 | Source = Service Control Manager | ID = 7034
Description = The TOSHIBA Touch Pad Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/2/2011 1:30:06 AM | Computer Name = M700-09-205 | Source = Service Control Manager | ID = 7034
Description = The Panda Endpoint Communications Agent service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/2/2011 1:30:07 AM | Computer Name = M700-09-205 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 12/2/2011 1:37:10 AM | Computer Name = M700-09-205 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 12/2/2011 1:38:54 AM | Computer Name = M700-09-205 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SPA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 12/2/2011 1:39:02 AM | Computer Name = M700-09-205 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 12/2/2011 1:39:02 AM | Computer Name = M700-09-205 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 12/2/2011 1:54:05 AM | Computer Name = M700-09-205 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.


< End of report >

Results of screen317's Security Check version 0.99.28
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Java™ 6 Update 3
Java™ 6 Update 5
Java version out of date!
Adobe Flash Player 9 Flash Player out of date!
Adobe Flash Player ( 10.3.183.7) Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
``````````End of Log````````````


#2 sempai

sempai

    3 stars and a sun

  • Admin
  • 1,043 posts

Posted 02 December 2011 - 11:11 AM

Hi,


Please go to http://virscan.org/
  • Navigate to the following file paths in the "Suspicious files to scan" box on the top of the page:

    C:\Documents and Settings\rfindlay\Application Data\Syahbi\icetowy.exe
    C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.



#3 smurf_inferno

smurf_inferno

    Active Member

  • Active Members
  • 42 posts

Posted 02 December 2011 - 02:44 PM

Thank you. Ran the scan on the first file only. Was not able to locate the second file when I browsed the All Users/Application data folder. Here are the scan results:

VirSCAN.org Scanned Report :
Scanned time : 2011/12/02 08:33:05 (CST)
Scanner results: 22% Scanner(s) (8/36) found malware!
File Name : icetowy.exe
File Size : 135168 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 9ff5e34bad7f735ec0387a6228822710
SHA1 : b00efdd4bb49b7c0bf077ad6ab9b903223484362
Online report : http://r.virscan.org...e7250604a5d55b0

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20111202222541 2011-12-02 0.97 -
AhnLab V3 2011.12.01.02 2011.12.01 2011-12-01 9.75 -
AntiVir 8.2.6.128 7.11.18.199 2011-12-02 0.28 -
Antiy 2.0.18 20111202.14674698 2011-12-02 0.02 -
Arcavir 2011 201112020243 2011-12-02 3.22 -
Authentium 5.1.1 201112012341 2011-12-01 1.59 -
AVAST! 4.7.4 111202-0 2011-12-02 0.02 Win32:Malware-gen
AVG 10.0.1405 2090/4052 2011-12-02 0.06 Generic26.FCN
BitDefender 7.90123.7827122 7.40010 2011-12-02 4.64 Gen:Variant.Graftor.6036
ClamAV 0.97.1 14062 2011-12-02 0.04 -
Comodo 5.1 10810 2011-12-02 7.79 -
CP Secure 1.3.0.5 2011.12.02 2011-12-02 0.07 -
Dr.Web 5.0.2.3300 2011.12.02 2011-12-02 16.60 Trojan.PWS.Panda.1490
F-Prot 4.6.2.117 20111201 2011-12-01 0.94 -
F-Secure 7.02.73807 2011.12.02.04 2011-12-02 0.48 -
Fortinet 4.2.257 14.932 2011-12-01 0.42 -
GData 22.2934 20111202 2011-12-02 8.45 Gen:Variant.Graftor.6036 [Engine:A]
ViRobot 20111202 2011.12.02 2011-12-02 0.79 -
Ikarus T3.1.32.20.0 2011.12.02.79921 2011-12-02 5.80 -
JiangMin 13.0.900 2011.11.26 2011-11-26 2.23 -
Kaspersky 5.5.10 2011.12.02 2011-12-02 0.19 -
KingSoft 2009.2.5.15 2011.12.2.18 2011-12-02 0.86 -
McAfee 5400.1158 6547 2011-12-01 11.30 -
Microsoft 1.7903 2011.12.02 2011-12-02 4.25 PWS:Win32/Zbot
NOD32 3.0.21 6677 2011-12-02 0.01 Win32/Spy.Zbot.YW trojan
Panda 9.05.01 2011.12.02 2011-12-02 8.43 -
Trend Micro 9.500-1005 8.618.05 2011-12-02 0.08 -
Quick Heal 11.00 2011.12.01 2011-12-01 3.33 -
Rising 20.0 23.86.04.02 2011-12-02 3.24 -
Sophos 3.25.1 4.71 2011-12-02 4.40 -
Sunbelt 3.9.2515.2 11190 2011-12-01 10.15 -
Symantec 1.3.0.24 20111201.018 2011-12-01 0.09 -
nProtect 20111202.01 11822474 2011-12-02 1.55 Trojan/W32.Agent.135168.AWV
The Hacker 6.7.0.1 v00352 2011-12-01 0.61 -
VBA32 3.12.16.4 20111201.0756 2011-12-01 9.47 -
VirusBuster 5.4.0.10 14.1.95.0/6907135 2011-12-02 0.00 -
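The VirSCAN report above is flattened text, and the detection ratio and family names are the parts worth pulling out when triaging it. As an added example (not from the thread and not VirSCAN's own code), the script below parses that report (embedded verbatim so it runs offline), counts which engines returned a verdict, cross-checks the count against the "8/36" the header claims, extracts the file hashes, and picks out family keywords; the keyword list and the scoring are my own assumptions, not anything VirSCAN publishes.

```python
"""Summarize a VirSCAN.org multi-engine report.

Added example (not from the thread or from VirSCAN): REPORT is the report
quoted in the post above, embedded so the script runs offline.
"""
import re
from typing import Dict, List, Set, Tuple

REPORT = """Scanner results: 22% Scanner(s) (8/36) found malware!
File Name : icetowy.exe
MD5 : 9ff5e34bad7f735ec0387a6228822710
SHA1 : b00efdd4bb49b7c0bf077ad6ab9b903223484362

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20111202222541 2011-12-02 0.97 -
AhnLab V3 2011.12.01.02 2011.12.01 2011-12-01 9.75 -
AntiVir 8.2.6.128 7.11.18.199 2011-12-02 0.28 -
Antiy 2.0.18 20111202.14674698 2011-12-02 0.02 -
Arcavir 2011 201112020243 2011-12-02 3.22 -
Authentium 5.1.1 201112012341 2011-12-01 1.59 -
AVAST! 4.7.4 111202-0 2011-12-02 0.02 Win32:Malware-gen
AVG 10.0.1405 2090/4052 2011-12-02 0.06 Generic26.FCN
BitDefender 7.90123.7827122 7.40010 2011-12-02 4.64 Gen:Variant.Graftor.6036
ClamAV 0.97.1 14062 2011-12-02 0.04 -
Comodo 5.1 10810 2011-12-02 7.79 -
CP Secure 1.3.0.5 2011.12.02 2011-12-02 0.07 -
Dr.Web 5.0.2.3300 2011.12.02 2011-12-02 16.60 Trojan.PWS.Panda.1490
F-Prot 4.6.2.117 20111201 2011-12-01 0.94 -
F-Secure 7.02.73807 2011.12.02.04 2011-12-02 0.48 -
Fortinet 4.2.257 14.932 2011-12-01 0.42 -
GData 22.2934 20111202 2011-12-02 8.45 Gen:Variant.Graftor.6036 [Engine:A]
ViRobot 20111202 2011.12.02 2011-12-02 0.79 -
Ikarus T3.1.32.20.0 2011.12.02.79921 2011-12-02 5.80 -
JiangMin 13.0.900 2011.11.26 2011-11-26 2.23 -
Kaspersky 5.5.10 2011.12.02 2011-12-02 0.19 -
KingSoft 2009.2.5.15 2011.12.2.18 2011-12-02 0.86 -
McAfee 5400.1158 6547 2011-12-01 11.30 -
Microsoft 1.7903 2011.12.02 2011-12-02 4.25 PWS:Win32/Zbot
NOD32 3.0.21 6677 2011-12-02 0.01 Win32/Spy.Zbot.YW trojan
Panda 9.05.01 2011.12.02 2011-12-02 8.43 -
Trend Micro 9.500-1005 8.618.05 2011-12-02 0.08 -
Quick Heal 11.00 2011.12.01 2011-12-01 3.33 -
Rising 20.0 23.86.04.02 2011-12-02 3.24 -
Sophos 3.25.1 4.71 2011-12-02 4.40 -
Sunbelt 3.9.2515.2 11190 2011-12-01 10.15 -
Symantec 1.3.0.24 20111201.018 2011-12-01 0.09 -
nProtect 20111202.01 11822474 2011-12-02 1.55 Trojan/W32.Agent.135168.AWV
The Hacker 6.7.0.1 v00352 2011-12-01 0.61 -
VBA32 3.12.16.4 20111201.0756 2011-12-01 9.47 -
VirusBuster 5.4.0.10 14.1.95.0/6907135 2011-12-02 0.00 -
"""

DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def parse_rows(report: str) -> List[Tuple[str, str]]:
    """Return (engine, verdict) per engine row; a verdict of '-' means clean.

    Engine names may contain spaces ("Trend Micro"), so each row is split on
    its first YYYY-MM-DD token: the two tokens before it are engine and
    signature versions, everything before those is the engine name, and
    everything after the elapsed-time token is the verdict.
    """
    rows, in_table = [], False
    for line in report.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "Scanner" and tokens[-1] == "result":
            in_table = True          # header row of the engine table
            continue
        if in_table:
            date_idx = next((i for i, t in enumerate(tokens) if DATE_RE.match(t)), -1)
            if date_idx >= 2:
                rows.append((" ".join(tokens[:date_idx - 2]), " ".join(tokens[date_idx + 2:])))
    return rows


def summarize(report: str) -> Dict[str, object]:
    """Detection count, a cross-check of the report's own claimed ratio, and file hashes."""
    rows = parse_rows(report)
    hits = [(e, v) for e, v in rows if v != "-"]
    claimed = re.search(r"\((\d+)/(\d+)\) found malware", report)
    md5 = re.search(r"^MD5 : ([0-9a-f]{32})$", report, re.M)
    sha1 = re.search(r"^SHA1 : ([0-9a-f]{40})$", report, re.M)
    return {
        "total": len(rows),
        "detections": hits,
        "percent": round(100 * len(hits) / len(rows)) if rows else 0,
        # the header's "(8/36)" must agree with what we counted from the rows
        "consistent": bool(claimed) and (int(claimed[1]), int(claimed[2])) == (len(hits), len(rows)),
        "md5": md5[1] if md5 else None,
        "sha1": sha1[1] if sha1 else None,
    }


def family_hints(hits: List[Tuple[str, str]], keywords=("zbot", "pws", "spy", "graftor")) -> Set[str]:
    """Keywords (my own list) found in any verdict; PWS/Spy/Zbot point at a password stealer."""
    verdicts = " ".join(v.lower() for _, v in hits)
    return {k for k in keywords if k in verdicts}
```

Splitting on the date token rather than on a fixed column count is what makes multi-word engine names and multi-word verdicts ("Win32/Spy.Zbot.YW trojan") come out intact; the `consistent` flag catches a report whose header and rows disagree, which is worth knowing before quoting a ratio in a reply.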


#4 sempai

sempai

    3 stars and a sun

  • Admin
  • 1,043 posts

Posted 02 December 2011 - 03:13 PM

Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    CODE
    :OTL
    O4 - HKCU..\Run: [{991627DC-332F-D17D-0503-A24A66E8D3EC}] C:\Documents and Settings\rfindlay\Application Data\Syahbi\icetowy.exe ()
    [2010/07/21 11:42:14 | 000,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
    [2011/11/27 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rfindlay\Application Data\Syahbi


    :Files
    ipconfig /flushdns /c

    :Commands
    [EMPTYTEMP]

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.
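The fix above removes an O4 (Run key) entry whose executable sits under the user's Application Data folder, carries a bare GUID as its value name, and has no version information, which is the pattern the OTL log flagged. As an added example (not OTL's own code), the script below parses OTL-style O4 lines and scores them on those three traits; the first sample line is the one from the fix, the other two are constructed benign entries (hypothetical names and paths), and the scoring threshold is my own assumption.

```python
"""Triage OTL 'O4' autorun lines for the persistence pattern removed above.

Added example, not OTL's own code: the first sample line is the O4 entry
from the fix in the post above; the other lines are constructed benign
entries with hypothetical names and paths.
"""
import re
from typing import Dict, List

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKU\\[^.]+)\.\.\\Run: "   # hive and Run key
    r"\[(?P<name>[^\]]*)\] "                              # value name
    r"(?P<command>.*?) "                                  # command line
    r"\((?P<vendor>[^)]*)\)$"                             # file version info, may be empty
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Per-user writable profile folders (Windows XP and Vista+ naming).
USER_DATA_RE = re.compile(r"\\Application Data\\|\\AppData\\(?:Roaming|Local)\\", re.I)

SAMPLE_O4_LINES = [
    # the entry from the OTL fix above
    r"O4 - HKCU..\Run: [{991627DC-332F-D17D-0503-A24A66E8D3EC}] C:\Documents and Settings\rfindlay\Application Data\Syahbi\icetowy.exe ()",
    # constructed benign entries (hypothetical)
    r"O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)",
    r"O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\rfindlay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)",
]


def triage(line: str) -> Dict[str, object]:
    """Score one O4 line; two or more of the three traits marks it suspicious (my threshold)."""
    m = O4_RE.match(line)
    if not m:
        raise ValueError("not an O4 line: " + line)
    reasons = []
    if USER_DATA_RE.search(m["command"]):
        reasons.append("runs from a user-writable profile folder")
    if GUID_RE.match(m["name"]):
        reasons.append("value name is a bare GUID")
    if not m["vendor"].strip():
        reasons.append("executable carries no version/company info")
    return {"hive": m["hive"], "name": m["name"], "command": m["command"],
            "reasons": reasons, "suspicious": len(reasons) >= 2}


def suspicious_entries(lines: List[str]) -> List[str]:
    """Commands of all O4 lines that score as suspicious, in input order."""
    return [t["command"] for t in map(triage, lines) if t["suspicious"]]
```

A single trait is common in legitimate software (updaters often live under the profile), so the score asks for two; a low score only lowers priority, and the multi-engine scan above remains the check that settles what the file is.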



#5 smurf_inferno

smurf_inferno

    Active Member

  • Active Members
  • 42 posts

Posted 02 December 2011 - 03:52 PM

Here's the OTL report:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{991627DC-332F-D17D-0503-A24A66E8D3EC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{991627DC-332F-D17D-0503-A24A66E8D3EC}\ not found.
C:\Documents and Settings\rfindlay\Application Data\Syahbi\icetowy.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat moved successfully.
C:\Documents and Settings\rfindlay\Application Data\Syahbi folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\rfindlay\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\rfindlay\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 1792 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: rfindlay
->Temp folder emptied: 623562 bytes
->Temporary Internet Files folder emptied: 3058476 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 76780078 bytes
->Flash cache emptied: 3277 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18000 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 77.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12022011_093645

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\rfindlay\Local Settings\Temp\~DFA22B.tmp not found!
C:\Documents and Settings\rfindlay\Local Settings\Temporary Internet Files\Content.Word\~WRF{F37B19B7-9BB3-4978-94DD-13868F362BF1}.tmp moved successfully.
C:\Documents and Settings\rfindlay\Local Settings\Temporary Internet Files\Content.Word\~WRS{44A3C5FD-B745-43DB-9F1C-933D6F8F9DDA}.tmp moved successfully.
C:\Documents and Settings\rfindlay\Local Settings\Temporary Internet Files\Content.Word\~WRS{85ACF692-8390-475A-8624-15A4C7CCE6EC}.tmp moved successfully.
C:\Documents and Settings\rfindlay\Local Settings\Temporary Internet Files\Content.Word\~WRS{9255B76A-8E11-4DD5-A193-49C9DC693E09}.tmp moved successfully.
C:\Documents and Settings\rfindlay\Local Settings\Temporary Internet Files\Content.Word\~WRS{9AD9F413-30C5-426E-9728-F5116B35F5AF}.tmp moved successfully.
C:\Documents and Settings\rfindlay\Local Settings\Temporary Internet Files\Content.Word\~WRS{B4BD1895-3445-4818-A5EE-8EDEED64E206}.tmp moved successfully.

Registry entries deleted on Reboot...


#6 sempai

sempai

    3 stars and a sun

  • Admin
  • 1,043 posts

Posted 03 December 2011 - 03:49 AM

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    QUOTE
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on:
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


#7 smurf_inferno

smurf_inferno

    Active Member

  • Active Members
  • 42 posts

Posted 03 December 2011 - 07:18 PM

Okay. I want to do this right. But I'm a little confused. I went to the instructions for disabling my anti-virus, and I have two questions:

1. I use Panda Endpoint Protection. Instructions for disabling it do not appear in the list on the Bleepingcomputer web site. And when I bring up the Panda help menu, it does not make it clear how to disable the software (installed by our tech guys at school; I have a computer for school/personal use). So how do I disable it?

2. I am not aware of any other specific anti-virus software running on my computer. Not using AVG or WSE, as far as I know. Do any of the scans I've sent suggest otherwise?

Thank you.

#8 smurf_inferno

smurf_inferno

    Active Member

  • Active Members
  • 42 posts

Posted 03 December 2011 - 07:23 PM

A third question:

I checked on my Wells Fargo situation, and the pop-up is gone. Does this mean we've already eliminated the problem? Or are we still in the process of cleaning up problematic malware?

Thanks!

#9 sempai

sempai

    3 stars and a sun

  • Admin
  • 1,043 posts

Posted 04 December 2011 - 04:22 PM

Please try the instruction here on how to disable Panda Antivirus: http://www.techsuppo...ons-490111.html


QUOTE
Do any of the scans I've sent suggest otherwise?
No


QUOTE
Does this mean we've already eliminated the problem? Or are we still in the process of cleaning up problematic malware?
We already removed the malware (the culprit of the pop-up); we are looking for a possible malware remnant just to be sure that we didn't miss anything.

#10 smurf_inferno

smurf_inferno

    Active Member

  • Active Members
  • 42 posts

Posted 24 December 2011 - 08:54 PM

Sorry for the delay. Lots happened. First, for general interest, it was next to impossible to temporarily disable Panda. The web site I was directed to suggests you open Task Manager, select the Panda items running and End Task. However, it did NOT explain how to identify which of the arcane file names might be Panda.

Then, I lost connection to the Internet. Had to roll back my restore date and then uninstall Panda and load Microsoft Security Essentials. Ran a full scan with that and things came out fine.

But now I have a new issue. So I want to close this thread and post a new one, starting from scratch. Thanks for all the help.



