Strange Sound file on Laptop


2 replies to this topic

#1 nubiwan

Active Member, 44 posts

Posted 30 March 2012 - 03:04 PM

MBAM gave me a rootkit.0Access message, so I quarantined the file. The message came up 5 times; I quarantined it each time. I now have an annoying sound file that plays intermittently on my computer. I ran MBAM and it found an infected file. I cleaned the file, then ran it again. MBAM was clean, but I still have the sound file playing. I find my web browser is very sluggish.

My current MBAM log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Tonerama :: TONERAMA-PC [administrator]

30/03/2012 7:48:07 AM
mbam-log-2012-03-30 (07-48-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185507
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

My Extras Log:

OTL Extras logfile created on: 3/30/2012 11:04:52 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tonerama\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 68.65% Memory free
5.85 Gb Paging File | 4.99 Gb Available in Paging File | 85.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 583.51 Gb Total Space | 472.45 Gb Free Space | 80.97% Space Free | Partition Type: NTFS

Computer Name: TONERAMA-PC | User Name: Tonerama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DF29A0E2-DF76-4932-98A9-34B441F40486}" = Auction Sentry
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CryptoMite" = CryptoMite V.3
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet" = FlashGet 1.9.6.1073
"FlashGet 3.7" = FlashGet 3.7
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088702" = Plants vs. Zombies
"WT088703" = Build-a-lot 2
"WT088710" = Zuma's Revenge
"WT088739" = FATE
"WT088750" = Jewel Quest - Heritage
"WT088759" = Polar Bowler
"WT088760" = Virtual Villagers 4 - The Tree of Life
"WT088761" = Wheel of Fortune 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ACFinder" = SancMedia

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2012 10:50:34 AM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: FlashGetHook.dll_unloaded, version:
0.0.0.0, time stamp: 0x4cfdb46b Exception code: 0xc0000005 Fault offset: 0x02d4e9d8
Faulting
process id: 0x1550 Faulting application start time: 0x01ccff961ae02ecf Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: FlashGetHook.dll
Report
Id: 8debce81-6b89-11e1-b795-00266c99880e

Error - 3/11/2012 10:50:34 AM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: mshtml.dll, version: 8.0.7601.17744,
time stamp: 0x4eeaf73c Exception code: 0xc0000005 Fault offset: 0x001cf80d Faulting
process id: 0xe60 Faulting application start time: 0x01ccff95e7c78828 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 8deba771-6b89-11e1-b795-00266c99880e

Error - 3/14/2012 9:24:43 AM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: jccatch.dll, version: 1.8.4.1007, time
stamp: 0x4683881f Exception code: 0xc0000005 Fault offset: 0x00007859 Faulting process
id: 0x1400 Faulting application start time: 0x01cd017c822c30e6 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
Files\FlashGet\jccatch.dll Report Id: 0f2b5734-6dd9-11e1-b795-00266c99880e

Error - 3/15/2012 9:24:57 AM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: mshtml.dll, version: 8.0.7601.17744,
time stamp: 0x4eeaf73c Exception code: 0xc0000005 Fault offset: 0x001cf80d Faulting
process id: 0x1354 Faulting application start time: 0x01cd02ae375c0e96 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 4208ea9e-6ea2-11e1-808a-00266c99880e

Error - 3/16/2012 6:35:39 PM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WINWORD.EXE, version: 12.0.6545.5000, time
stamp: 0x4c653e57 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e2111c0 Exception code: 0xc06d007f Fault offset: 0x0000d36f Faulting
process id: 0x1c50 Faulting application start time: 0x01cd03c5070646fc Faulting application
path: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE Faulting module path:
C:\windows\system32\KERNELBASE.dll Report Id: 5a87f0e0-6fb8-11e1-808a-00266c99880e

Error - 3/17/2012 12:04:19 AM | Computer Name = Tonerama-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 172c Start
Time: 01cd0307a380bf79 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 3/17/2012 12:41:04 AM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: urlmon.dll, version: 8.0.7601.17744,
time stamp: 0x4eeaf7da Exception code: 0xc0000005 Fault offset: 0x00023c05 Faulting
process id: 0x18c8 Faulting application start time: 0x01cd03f3a28d0da7 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\windows\system32\urlmon.dll
Report
Id: 66f38105-6feb-11e1-808a-00266c99880e

Error - 3/17/2012 4:33:56 PM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: jccatch.dll, version: 1.8.4.1007, time
stamp: 0x4683881f Exception code: 0xc0000005 Fault offset: 0x00007859 Faulting process
id: 0x55c Faulting application start time: 0x01cd0441bf9fe7f9 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
Files\FlashGet\jccatch.dll Report Id: 847c4bb0-7070-11e1-808a-00266c99880e

Error - 3/22/2012 12:59:23 PM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: AcroIEHelper.dll_unloaded, version:
0.0.0.0, time stamp: 0x4b302e93 Exception code: 0xc0000005 Fault offset: 0x6d41556c
Faulting
process id: 0xfec Faulting application start time: 0x01cd07bae94cc5c1 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: AcroIEHelper.dll
Report
Id: 5fa68128-7440-11e1-854c-00266c99880e

Error - 3/26/2012 2:42:01 PM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: mshtml.dll, version: 8.0.7601.17744,
time stamp: 0x4eeaf73c Exception code: 0xc0000005 Fault offset: 0x001cf80d Faulting
process id: 0x11dc Faulting application start time: 0x01cd0b7ababb40e5 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 5fae9f51-7773-11e1-85f3-00266c99880e

[ OSession Events ]
Error - 3/16/2012 6:35:38 PM | Computer Name = Tonerama-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/12/2012 9:05:36 PM | Computer Name = Tonerama-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 3/14/2012 9:48:48 PM | Computer Name = Tonerama-PC | Source = Service Control Manager | ID = 7031
Description = The Norton Internet Security service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 3/20/2012 7:01:51 AM | Computer Name = Tonerama-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:01:24 AM on 20/03/2012 was unexpected.

Error - 3/20/2012 7:09:36 PM | Computer Name = Tonerama-PC | Source = DCOM | ID = 10010
Description =

Error - 3/21/2012 5:57:14 PM | Computer Name = Tonerama-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/21/2012 5:57:23 PM | Computer Name = Tonerama-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/21/2012 5:57:35 PM | Computer Name = Tonerama-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/21/2012 5:57:43 PM | Computer Name = Tonerama-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/22/2012 12:59:21 PM | Computer Name = Tonerama-PC | Source = DCOM | ID = 10016
Description =

Error - 3/23/2012 5:09:53 PM | Computer Name = Tonerama-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >


MY OTL

OTL logfile created on: 3/30/2012 12:12:37 PM - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tonerama\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 75.82% Memory free
5.85 Gb Paging File | 5.11 Gb Available in Paging File | 87.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 583.51 Gb Total Space | 472.38 Gb Free Space | 80.95% Space Free | Partition Type: NTFS

Computer Name: TONERAMA-PC | User Name: Tonerama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/22 08:50:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/20 09:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/17 20:26:22 | 000,189,808 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2010/03/14 23:26:38 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/03/03 19:12:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 19:11:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/03 18:44:52 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2010/01/28 21:14:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/11/06 02:34:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/07/28 20:13:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/03/10 23:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/03 18:44:58 | 000,016,184 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
MOD - [2010/03/03 18:44:56 | 000,016,184 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
MOD - [2010/03/03 18:44:32 | 008,783,160 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/11/03 17:56:26 | 000,058,680 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/25 15:37:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/06/22 20:08:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/03/12 23:38:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AdfuUd.dll -- (zpcollector)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\YCNTZNENZ.exe -- (YCNTZNENZ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\transbaseservice.dll -- (nwlnkspx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlluc48.dll -- (LwUsbHid)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\LQUMIP.exe -- (LQUMIP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716mgmt.dll -- (isdrv120)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvs.dll -- (Hardlock)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ulcdrhlp.dll -- (bwcsrv)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\BQPFU.exe -- (BQPFU)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\BPLGQPF.exe -- (BPLGQPF)
SRV - [2012/03/29 12:38:36 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/17 03:00:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/12 15:29:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/17 20:26:22 | 000,189,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010/03/14 23:26:08 | 000,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/03 19:12:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 19:11:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/02/23 22:23:32 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010/02/05 22:11:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010/01/28 21:14:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/11/06 02:34:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/10/06 13:51:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/28 20:13:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 22:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 23:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 07:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 07:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/27 05:52:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/03/31 19:19:52 | 000,517,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/03/14 23:35:44 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010/03/14 22:30:44 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/02/22 22:33:32 | 000,066,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/02/10 19:31:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 10:06:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/02/01 14:59:46 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/17 17:24:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/30 22:15:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/14 19:58:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 19:43:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/07 13:23:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/22 21:34:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 00:01:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...amp;rlz=1I7TSCA
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...TSCA_en___CA449
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/30 15:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}: C:\Users\Tonerama\AppData\Local\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}\ [2012/03/29 12:26:14 | 000,000,000 | ---D | M]

[2012/01/30 15:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tonerama\AppData\Roaming\Mozilla\Extensions
[2012/01/30 15:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/29 12:26:14 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\TONERAMA\APPDATA\LOCAL\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}
[2011/12/21 04:54:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 02:00:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 02:00:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/03/29 22:37:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [ACFinder] C:\Users\Tonerama\AppData\Local\AppCore\ACFinder\ACFinder.exe (CDIS)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 142.163.63.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81BA2DF6-ECBB-4EBF-AF3A-121A03E043B5}: DhcpNameServer = 192.168.2.1 142.163.63.129
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/30 11:12:02 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Desktop\SecureFiles
[2012/03/30 10:53:06 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL.exe
[2012/03/30 10:48:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\TFC.exe
[2012/03/29 22:42:19 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/03/29 22:37:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/29 22:35:52 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\temp
[2012/03/29 22:23:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/03/29 22:23:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/03/29 22:23:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/03/29 22:23:41 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/03/29 22:23:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/29 22:22:48 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Tonerama\Desktop\RootkitRevealer.exe
[2012/03/29 12:38:36 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/03/29 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}
[2012/03/29 12:03:09 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\AppCore
[2012/03/28 08:19:21 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/03/25 18:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/25 18:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/22 08:10:44 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Documents\P90
[2012/03/16 21:24:16 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\ElevatedDiagnostics
[2012/03/16 19:59:56 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Documents\web pages
[2012/03/16 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Documents\REI Books
[2012/03/14 09:16:35 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/03/14 09:16:34 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/03/14 09:16:24 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2012/03/14 09:16:24 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2012/03/14 09:16:24 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2012/03/14 09:16:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe

========== Files - Modified Within 30 Days ==========

[2012/03/30 12:07:25 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At25.job
[2012/03/30 12:05:25 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At26.job
[2012/03/30 12:04:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/30 11:34:39 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 11:34:39 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 11:31:57 | 000,628,460 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/30 11:31:57 | 000,110,612 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/30 11:27:29 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/03/30 11:27:17 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/30 11:07:59 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At24.job
[2012/03/30 11:03:01 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At23.job
[2012/03/30 10:25:10 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At22.job
[2012/03/30 10:25:10 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At21.job
[2012/03/30 09:12:50 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At20.job
[2012/03/30 09:08:38 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At19.job
[2012/03/30 08:03:06 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At18.job
[2012/03/30 08:03:06 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At17.job
[2012/03/30 07:44:42 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At8.job
[2012/03/30 07:44:41 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At14.job
[2012/03/30 07:44:41 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At12.job
[2012/03/30 07:44:41 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At10.job
[2012/03/30 07:44:41 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At9.job
[2012/03/30 07:44:41 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At7.job
[2012/03/30 07:44:41 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At13.job
[2012/03/30 07:44:41 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At11.job
[2012/03/30 07:44:40 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At16.job
[2012/03/30 07:44:40 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At15.job
[2012/03/30 02:03:06 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At6.job
[2012/03/30 02:03:06 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At5.job
[2012/03/30 01:55:46 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At48.job
[2012/03/30 01:52:58 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At4.job
[2012/03/30 01:52:58 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At2.job
[2012/03/30 01:52:28 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At47.job
[2012/03/30 01:52:28 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At3.job
[2012/03/30 01:52:28 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At1.job
[2012/03/29 22:37:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/03/29 22:09:26 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At46.job
[2012/03/29 22:03:00 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At45.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At44.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At42.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At40.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At38.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At36.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At34.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At32.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At30.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At28.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At43.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At41.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At39.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At37.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At35.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At33.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At31.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At29.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At27.job
[2012/03/29 22:01:03 | 000,000,112 | ---- | M] () -- C:\ProgramData\GWV4LhQ.dat
[2012/03/29 21:47:00 | 000,099,328 | ---- | M] () -- C:\windows\System32\k5BF8M.com_
[2012/03/29 12:38:36 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/03/29 12:38:36 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/03/28 09:13:06 | 000,001,078 | ---- | M] () -- C:\Users\Tonerama\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/03/25 18:45:31 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/22 08:50:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL.exe
[2012/03/22 03:48:17 | 000,879,714 | ---- | M] () -- C:\Users\Tonerama\Desktop\SecurityCheck.exe
[2012/03/15 08:37:42 | 000,409,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/03/09 00:45:40 | 000,005,632 | ---- | M] () -- C:\Users\Tonerama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/03/30 10:53:20 | 000,879,714 | ---- | C] () -- C:\Users\Tonerama\Desktop\SecurityCheck.exe
[2012/03/29 22:23:46 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/03/29 22:23:46 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/03/29 22:23:46 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/03/29 22:23:46 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/03/29 22:23:46 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/03/29 21:46:34 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At48.job
[2012/03/29 21:46:34 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At46.job
[2012/03/29 21:46:34 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At44.job
[2012/03/29 21:46:34 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At42.job
[2012/03/29 21:46:34 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At40.job
[2012/03/29 21:46:34 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At47.job
[2012/03/29 21:46:34 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At45.job
[2012/03/29 21:46:34 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At43.job
[2012/03/29 21:46:34 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At41.job
[2012/03/29 21:46:34 | 000,000,112 | ---- | C] () -- C:\ProgramData\GWV4LhQ.dat
[2012/03/29 21:46:33 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At38.job
[2012/03/29 21:46:33 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At36.job
[2012/03/29 21:46:33 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At34.job
[2012/03/29 21:46:33 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At32.job
[2012/03/29 21:46:33 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At30.job
[2012/03/29 21:46:33 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At28.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At39.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At37.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At35.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At33.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At31.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At29.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At27.job
[2012/03/29 21:46:32 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At26.job
[2012/03/29 21:46:32 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At24.job
[2012/03/29 21:46:32 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At22.job
[2012/03/29 21:46:32 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At20.job
[2012/03/29 21:46:32 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At18.job
[2012/03/29 21:46:32 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At16.job
[2012/03/29 21:46:32 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At25.job
[2012/03/29 21:46:32 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At23.job
[2012/03/29 21:46:32 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At21.job
[2012/03/29 21:46:32 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At19.job
[2012/03/29 21:46:32 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At17.job
[2012/03/29 21:46:32 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At15.job
[2012/03/29 21:46:31 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At8.job
[2012/03/29 21:46:31 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At6.job
[2012/03/29 21:46:31 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At4.job
[2012/03/29 21:46:31 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At14.job
[2012/03/29 21:46:31 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At12.job
[2012/03/29 21:46:31 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At10.job
[2012/03/29 21:46:31 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At9.job
[2012/03/29 21:46:31 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At7.job
[2012/03/29 21:46:31 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At5.job
[2012/03/29 21:46:31 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At3.job
[2012/03/29 21:46:31 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At13.job
[2012/03/29 21:46:31 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At11.job
[2012/03/29 21:46:30 | 000,099,328 | ---- | C] () -- C:\windows\System32\k5BF8M.com_
[2012/03/29 21:46:30 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At2.job
[2012/03/29 21:46:30 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At1.job
[2012/03/29 12:38:37 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/02/07 23:36:01 | 000,005,632 | ---- | C] () -- C:\Users\Tonerama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 18:01:28 | 000,000,292 | ---- | C] () -- C:\windows\System32\secustat.dat
[2011/12/10 23:26:23 | 000,000,598 | ---- | C] () -- C:\windows\System32\secushr.dat
[2011/12/10 23:03:55 | 000,000,025 | ---- | C] () -- C:\windows\libem.INI
[2011/09/29 09:16:12 | 000,000,094 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/09/16 09:35:50 | 000,034,817 | ---- | C] () -- C:\windows\System32\icmrreg.dll
[2011/09/14 19:35:42 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/09/14 19:21:04 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe
[2010/07/06 23:32:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

========== LOP Check ==========

[2011/09/29 09:16:12 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\AuctionSentry
[2012/01/17 23:55:34 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\BAxBEx
[2012/03/14 23:16:02 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\BITS
[2011/12/10 23:03:28 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\FlashGet
[2011/12/10 23:03:25 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\FlashGetBHO
[2011/10/18 15:52:23 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Toshiba
[2011/10/08 11:13:23 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\WildTangent
[2012/03/30 01:52:28 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At1.job
[2012/03/30 07:44:41 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At10.job
[2012/03/30 07:44:41 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At11.job
[2012/03/30 07:44:41 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At12.job
[2012/03/30 07:44:41 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At13.job
[2012/03/30 07:44:41 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At14.job
[2012/03/30 07:44:40 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At15.job
[2012/03/30 07:44:40 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At16.job
[2012/03/30 08:03:06 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At17.job
[2012/03/30 08:03:06 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At18.job
[2012/03/30 09:08:38 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At19.job
[2012/03/30 01:52:58 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At2.job
[2012/03/30 09:12:50 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At20.job
[2012/03/30 10:25:10 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At21.job
[2012/03/30 10:25:10 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At22.job
[2012/03/30 11:03:01 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At23.job
[2012/03/30 11:07:59 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At24.job
[2012/03/30 12:07:25 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At25.job
[2012/03/30 12:05:25 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At26.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At27.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At28.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At29.job
[2012/03/30 01:52:28 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At3.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At30.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At31.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At32.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At33.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At34.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At35.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At36.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At37.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At38.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At39.job
[2012/03/30 01:52:58 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At4.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At40.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At41.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At42.job
[2012/03/29 22:02:40 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At43.job
[2012/03/29 22:02:40 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At44.job
[2012/03/29 22:03:00 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At45.job
[2012/03/29 22:09:26 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At46.job
[2012/03/30 01:52:28 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At47.job
[2012/03/30 01:55:46 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At48.job
[2012/03/30 02:03:06 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At5.job
[2012/03/30 02:03:06 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At6.job
[2012/03/30 07:44:41 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At7.job
[2012/03/30 07:44:42 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\At8.job
[2012/03/30 07:44:41 | 000,000,346 | ---- | M] () -- C:\windows\Tasks\At9.job
[2009/07/14 02:23:46 | 000,018,746 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


My Checkup

Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 17
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````

Edited by nubiwan, 30 March 2012 - 03:05 PM.


#2 nubiwan

nubiwan

    Active Member

  • Active Members
  • 44 posts

Posted 30 March 2012 - 05:41 PM

Ran a full MBAM scan and found more rootkit files. See this:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.30.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Tonerama :: TONERAMA-PC [administrator]

Protection: Disabled

30/03/2012 1:04:26 PM
mbam-log-2012-03-30 (13-04-26).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323557
Time elapsed: 1 hour(s), 23 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Qoobox\Quarantine\C\Windows\system32\cvsnt.dll.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\system32\dlapoolm.dll.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

I still have the sound files playing - sounds like advert soundbites - fookin irritating as all hell....

Edited by nubiwan, 30 March 2012 - 05:42 PM.


#3 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 15,854 posts

Posted 05 April 2012 - 03:08 PM

The recent detects are in Combofix's quarantine; no reason to consider them part of the problem.

Other infections do show in the OTL logs.

When did you install and run Combofix?? If available, please post the Combofix log in this thread.
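As an added illustration of the point made above (this is not code from the thread, nor from Malwarebytes or ComboFix): a small Python triage helper that parses the "Files Detected" block of an MBAM log and separates hits that sit inside ComboFix's C:\Qoobox\Quarantine folder, which are already-neutralised copies, from detections at live paths. The two quarantine lines are the ones posted in this thread; the third sample line and its detection name are constructed for the demo.

```python
import re
from dataclasses import dataclass

# One MBAM "Files Detected" entry looks like:
#   C:\path\file.dll.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.
DETECT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Quarantine folders of other cleanup tools. A hit under one of these is a copy
# that has already been pulled out of its original location, not an active file.
# C:\Qoobox\Quarantine is ComboFix's quarantine, as noted in the thread.
QUARANTINE_DIRS = ("c:\\qoobox\\quarantine\\",)

@dataclass
class Detection:
    path: str
    name: str
    action: str
    in_quarantine: bool

def parse_mbam_detections(log_text: str) -> list:
    """Return every entry listed under a 'Files Detected:' heading of an MBAM log."""
    results = []
    in_files = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Files Detected:"):
            in_files = True
            continue
        if in_files:
            # A blank line, "(No malicious items detected)" or "(end)" closes the block.
            if not line or line.startswith("("):
                in_files = False
                continue
            m = DETECT_RE.match(line)
            if m:
                path = m.group("path")
                inq = path.lower().startswith(QUARANTINE_DIRS)
                results.append(Detection(path, m.group("name"), m.group("action"), inq))
    return results

def live_detections(log_text: str) -> list:
    """Only the detections that were NOT already sitting in another tool's quarantine."""
    return [d for d in parse_mbam_detections(log_text) if not d.in_quarantine]

# Constructed sample: the two Qoobox lines are from the thread, the third is made up.
SAMPLE_LOG = """Files Detected: 3
C:\\Qoobox\\Quarantine\\C\\Windows\\system32\\cvsnt.dll.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\\Qoobox\\Quarantine\\C\\Windows\\system32\\dlapoolm.dll.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\\Windows\\system32\\example_live.dll (Trojan.Example) -> Quarantined and deleted successfully.

(end)
"""
```

Running `live_detections(SAMPLE_LOG)` on the sample returns only the constructed live entry; the two Qoobox hits are reported as already quarantined.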

