TechSpot

Why do my programs keep closing? Virus?

Solved
By Georgebruv772
Apr 17, 2011
  1. Hi there,

    I have Windows XP and for some reason my programs keep closing. Firefox and OpenOffice and IE are the main ones.

    It's really annoying as they just close without any warning.

    I would really appreciate some help with this as my virus checker shows nothing, but other users have told me that it probably is a virus.

    Any help is appreciated.

    Thanks

    George
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36


    Welcome to this forum, George. I'm sorry those who replied to your other thread didn't refer you to this: I have asked that that thread be closed, so please use this thread for all information about this problem.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    I can't give you an answer to the question without information to go on. The logs from these scans will help.
    I note 2 of the programs closing down are browsers. It's possible something within the browsers, like a setting, may be causing this.

    Please describe for me how or when these 'close down.' Do they crash when you're surfing? Or when you launch them to surf?

    Some information about your system would also be helpful:
    1. Operating system?
    2. How much RAM is installed?
    3. New Problem? Did you download, install or update before it began?
     
  3. Georgebruv772

    Georgebruv772 TS Rookie Topic Starter Posts: 28

    Hello there and thanks for your response.

    I have been through the 8-step program you advised and will post the logs below.

    In answer to your questions:

    1. My operating system is Windows XP Professional 2002

    2. My computer says I have 504MB of RAM

    3. I don't think so, no.

    The logs:

    Malware log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6384

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    17/04/2011 17:14:40
    mbam-log-2011-04-17 (17-14-40).txt

    Scan type: Quick scan
    Objects scanned: 157362
    Time elapsed: 34 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\sdnasdiiftf (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{B1F46AE3-FF64-F811-6DCC-E62C80BB3DE6} (Trojan.Dropper) -> Value: {B1F46AE3-FF64-F811-6DCC-E62C80BB3DE6} -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\qvbfmgck (Trojan.FakeAlertR.Gen) -> Value: qvbfmgck -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\george putland\application data\Maecwa\gyove.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    (Relocated misplaced Malwarebytes entries
    ============================================

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 31/01/2011 17:17:10
    System Uptime: 17/04/2011 17:19:35 (1 hours ago)
    .
    Motherboard: TOSHIBA | | HAQAA
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U2E1 | 1662/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 18.648 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10418086&REV_02\4&20975680&0&00E1
    Manufacturer: Intel Corporation
    Name: Intel(R) PRO/Wireless 3945ABG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10418086&REV_02\4&20975680&0&00E1
    Service: w39n51
    .
    ==== System Restore Points ===================
    .
    RP18: 10/02/2011 18:49:55 - Installed InstallShield Restore Point
    RP19: 10/02/2011 18:51:24 - Installed EPSON Attach To Email
    RP20: 10/02/2011 18:52:11 - Installed EPSON Scan Assistant
    RP21: 10/02/2011 18:52:47 - Installed EPSON File Manager
    RP22: 10/02/2011 18:52:51 - Installed EPSON File Manager
    RP23: 10/02/2011 18:54:09 - Installed Camera RAW Plug-In for EPSON Creativity Suite
    RP24: 10/02/2011 18:54:18 - Installed Camera RAW Plug-In for EPSON Creativity Suite
    RP25: 16/02/2011 12:19:51 - Removed Adobe Reader 7.0.5
    RP26: 16/02/2011 12:20:19 - Installed Adobe Reader X (10.0.1).
    RP27: 18/02/2011 16:51:32 - Removed Microsoft Silverlight
    RP28: 18/02/2011 16:54:32 - Removed Microsoft Office OneNote 2003
    RP29: 19/02/2011 12:49:35 - Software Distribution Service 3.0
    RP30: 20/02/2011 21:10:08 - System Checkpoint
    RP31: 26/02/2011 13:04:26 - System Checkpoint
    RP32: 27/02/2011 00:41:24 - Installed Windows Media Player 10
    RP33: 27/02/2011 00:42:38 - Software Distribution Service 3.0
    RP34: 27/02/2011 01:13:19 - Software Distribution Service 3.0
    RP35: 27/02/2011 09:31:45 - Software Distribution Service 3.0
    RP36: 28/02/2011 15:20:30 - Software Distribution Service 3.0
    RP37: 09/03/2011 14:16:24 - Software Distribution Service 3.0
    RP38: 09/03/2011 17:03:40 - Software Distribution Service 3.0
    RP39: 13/03/2011 16:40:41 - Software Distribution Service 3.0
    RP40: 14/03/2011 17:51:24 - System Checkpoint
    RP41: 14/03/2011 20:36:20 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP42: 14/03/2011 20:38:16 - Removed Java(TM) 6 Update 20
    RP43: 14/03/2011 20:39:16 - Installed Java(TM) 6 Update 22
    RP44: 14/03/2011 20:42:18 - Removed OpenOffice.org 3.2
    RP45: 14/03/2011 20:44:31 - Installed OpenOffice.org 3.3
    RP46: 16/03/2011 13:27:24 - System Checkpoint
    RP47: 24/03/2011 19:34:09 - Software Distribution Service 3.0
    RP48: 28/03/2011 20:42:22 - System Checkpoint
    RP49: 06/04/2011 22:28:57 - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
    RP50: 07/04/2011 20:11:07 - Software Distribution Service 3.0
    RP51: 10/04/2011 12:02:52 - Installed Java(TM) 6 Update 24
    RP52: 11/04/2011 19:48:49 - Installed Microsoft Office Home and Student 2007
    RP53: 11/04/2011 20:03:45 - Printer Driver Send To Microsoft OneNote Driver Installed
    RP54: 11/04/2011 20:19:29 - Removed Microsoft Office Home and Student 2007
    RP55: 11/04/2011 20:34:21 - Installed Microsoft Office Home and Student 2007
    RP56: 11/04/2011 20:41:51 - Printer Driver Send To Microsoft OneNote Driver Installed
    RP57: 11/04/2011 20:48:03 - Removed Microsoft Office Home and Student 2007
    RP58: 11/04/2011 20:53:14 - Removed Microsoft Office Click-to-Run 2010
    RP59: 14/04/2011 13:04:54 - Software Distribution Service 3.0
    RP60: 17/04/2011 12:25:21 - Software Distribution Service 3.0
    RP61: 17/04/2011 13:00:24 - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    ALPS Touch Pad Driver
    Amazon Kindle For PC
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.3.13 (Unicode)
    Audible Download Manager
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    CD/DVD Drive Acoustic Silencer
    Dorling Kindersley Application Database v1.4
    EPSON Attach To Email
    EPSON File Manager
    EPSON Printer Software
    EPSON Scan
    EPSON Scan Assistant
    EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
    FlipShare
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    iTunes
    J2SE Runtime Environment 5.0 Update 4
    Java Auto Updater
    Java(TM) 6 Update 24
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox 4.0 (x86 en-GB)
    mPfMgr
    mPfWiz
    mProSafe
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    mZConfig
    OpenOffice.org 3.3
    Pinball Science
    Pivot Stickfigure Animator
    QuickTime
    Realtek High Definition Audio Driver
    SD Secure Module
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    SMSC IrCC V5.1.3600.5 SP2
    Sonic DLA
    Sonic RecordNow!
    SUPERAntiSpyware
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Accessibility
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Controls Driver
    TOSHIBA Hardware Setup
    TOSHIBA Hotkey Utility
    TOSHIBA Manuals
    TOSHIBA Mobile Extension3 for Windows XP V3.79.00.XP.C
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA Power Saver Driver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Supervisor Password
    TOSHIBA Zooming Hook
    TOSHIBA Zooming Utility
    Touch and Launch
    TouchPad On/Off Utility
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Utility Common Driver
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    17/04/2011 18:24:15, error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 4 time(s).
    17/04/2011 17:28:27, error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
    17/04/2011 17:27:31, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    17/04/2011 17:20:08, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    17/04/2011 16:23:17, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 10.131.194.209 (The DHCP Server sent a DHCPNACK message).
    17/04/2011 16:19:16, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    17/04/2011 16:18:56, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:56, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:55, error: Service Control Manager [7034] - The Tmesrv3 service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:55, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:55, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:55, error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:55, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:55, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    17/04/2011 16:18:55, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    17/04/2011 12:21:17, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 10.16.249.241 (The DHCP Server sent a DHCPNACK message).
    17/04/2011 11:59:02, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
    17/04/2011 11:54:46, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    15/04/2011 16:20:04, error: Dhcp [1002] - The IP address lease 192.168.0.17 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    13/04/2011 22:42:37, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    13/04/2011 10:33:13, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 10.179.235.25 (The DHCP Server sent a DHCPNACK message).
    13/04/2011 09:40:39, error: Dhcp [1002] - The IP address lease 192.168.1.35 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/04/2011 10:24:00, error: Dhcp [1002] - The IP address lease 192.168.1.34 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    11/04/2011 20:57:22, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013025FACD5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    10/04/2011 21:19:22, error: Dhcp [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    10/04/2011 16:15:33, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    10/04/2011 16:15:33, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/04/2011 16:15:33, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    10/04/2011 12:30:06, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================

    GMER log

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-17 18:19:53
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6034GSX rev.AH101A
    Running: fjhcepks.exe; Driver: C:\DOCUME~1\GEORGE~1\LOCALS~1\Temp\fwtdqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA079620]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? wqnqe.sys The system cannot find the file specified. !
    init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF8079EBF]

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----
     
  4. Georgebruv772

    Georgebruv772 TS Rookie Topic Starter Posts: 28

    DDS logs

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by George Putland at 18:29:15.93 on 17/04/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.127 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\George Putland\My Documents\Downloads\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [EPSON Stylus DX7400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticde.exe /fu "c:\windows\temp\E_S187.tmp" /EF "HKCU"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
    mRun: [<NO NAME>]
    mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
    mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
    mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
    mRun: [Zooming] ZoomingHook.exe
    mRun: [TCtryIOHook] TCtrlIOHook.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
    mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\george~1\applic~1\mozilla\firefox\profiles\mb2wt7pq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-28 16384]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsl88a2e706;MpKsl88a2e706;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{003ee41f-8ce9-4587-8f1f-0ef09bb177b7}\MpKsl88a2e706.sys [2011-4-17 28752]
    R1 MpKsle639fea4;MpKsle639fea4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{003ee41f-8ce9-4587-8f1f-0ef09bb177b7}\MpKsle639fea4.sys [2011-4-17 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [2006-2-13 5888]
    R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-3-29 1085440]
    R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.EXE [2006-3-14 118784]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-3-13 6144]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-17 38224]
    .
    =============== Created Last 30 ================
    .
    2011-04-17 16:26:37 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{003ee41f-8ce9-4587-8f1f-0ef09bb177b7}\MpKsle639fea4.sys
    2011-04-17 16:22:57 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{003ee41f-8ce9-4587-8f1f-0ef09bb177b7}\MpKsl88a2e706.sys
    2011-04-17 15:36:19 -------- d-----w- c:\docume~1\george~1\applic~1\Malwarebytes
    2011-04-17 15:35:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-17 15:35:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-17 15:34:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-17 15:34:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-17 12:01:14 6792528 ------w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{003ee41f-8ce9-4587-8f1f-0ef09bb177b7}\mpengine.dll
    2011-04-17 12:00:35 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-04-17 11:49:27 -------- d-----w- c:\program files\Microsoft Security Client
    2011-04-14 10:24:41 -------- d-----w- c:\docume~1\george~1\applic~1\Flip Video
    2011-04-14 10:13:03 -------- d-----w- c:\program files\Flip Video
    2011-04-14 09:44:16 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2011-04-11 19:04:13 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    2011-04-11 19:04:08 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2011-04-11 18:53:16 -------- d-----w- c:\docume~1\george~1\locals~1\applic~1\Microsoft Help
    2011-04-11 13:58:46 -------- d-----w- c:\docume~1\george~1\applic~1\SUPERAntiSpyware.com
    2011-04-11 13:58:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2011-04-11 13:57:44 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-04-10 11:38:39 -------- d-----w- c:\windows\system32\NtmsData
    2011-04-07 22:02:39 -------- d-----w- c:\docume~1\george~1\applic~1\Yqyk
    2011-04-07 22:02:39 -------- d-----w- c:\docume~1\george~1\applic~1\Maecwa
    2011-04-07 19:02:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\VirtualizedApplications
    2011-04-06 21:33:17 -------- d-----w- c:\docume~1\george~1\locals~1\applic~1\SoftGrid Client
    2011-04-06 21:32:58 -------- d-----w- c:\docume~1\george~1\applic~1\SoftGrid Client
    2011-04-06 21:20:44 -------- d-----w- c:\docume~1\george~1\applic~1\TP
    2011-03-24 21:01:36 -------- d-----w- c:\docume~1\george~1\locals~1\applic~1\Amazon
    2011-03-24 21:00:50 -------- d-----w- c:\program files\Amazon
    .
    ==================== Find3M ====================
    .
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-12 17:25:07 288 ----a-w- c:\windows\tmpcpyis.bat
    2011-02-12 17:25:07 122 ----a-w- c:\windows\tmpdelis.bat
    2011-02-12 17:24:45 26 ----a-w- c:\windows\winstart.bat
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 18:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    .
    ============= FINISH: 18:35:38.62 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 31/01/2011 17:17:10
    System Uptime: 17/04/2011 17:19:35 (1 hours ago)
    .
    Motherboard: TOSHIBA | | HAQAA
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U2E1 | 1662/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 18.648 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10418086&REV_02\4&20975680&0&00E1
    Manufacturer: Intel Corporation
    Name: Intel(R) PRO/Wireless 3945ABG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10418086&REV_02\4&20975680&0&00E1
    Service: w39n51
    .
    ==== System Restore Points ===================
    .
    RP18: 10/02/2011 18:49:55 - Installed InstallShield Restore Point
    RP19: 10/02/2011 18:51:24 - Installed EPSON Attach To Email
    RP20: 10/02/2011 18:52:11 - Installed EPSON Scan Assistant
    RP21: 10/02/2011 18:52:47 - Installed EPSON File Manager
    RP22: 10/02/2011 18:52:51 - Installed EPSON File Manager
    RP23: 10/02/2011 18:54:09 - Installed Camera RAW Plug-In for EPSON Creativity Suite
    RP24: 10/02/2011 18:54:18 - Installed Camera RAW Plug-In for EPSON Creativity Suite
    RP25: 16/02/2011 12:19:51 - Removed Adobe Reader 7.0.5
    RP26: 16/02/2011 12:20:19 - Installed Adobe Reader X (10.0.1).
    RP27: 18/02/2011 16:51:32 - Removed Microsoft Silverlight
    RP28: 18/02/2011 16:54:32 - Removed Microsoft Office OneNote 2003
    RP29: 19/02/2011 12:49:35 - Software Distribution Service 3.0
    RP30: 20/02/2011 21:10:08 - System Checkpoint
    RP31: 26/02/2011 13:04:26 - System Checkpoint
    RP32: 27/02/2011 00:41:24 - Installed Windows Media Player 10
    RP33: 27/02/2011 00:42:38 - Software Distribution Service 3.0
    RP34: 27/02/2011 01:13:19 - Software Distribution Service 3.0
    RP35: 27/02/2011 09:31:45 - Software Distribution Service 3.0
    RP36: 28/02/2011 15:20:30 - Software Distribution Service 3.0
    RP37: 09/03/2011 14:16:24 - Software Distribution Service 3.0
    RP38: 09/03/2011 17:03:40 - Software Distribution Service 3.0
    RP39: 13/03/2011 16:40:41 - Software Distribution Service 3.0
    RP40: 14/03/2011 17:51:24 - System Checkpoint
    RP41: 14/03/2011 20:36:20 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP42: 14/03/2011 20:38:16 - Removed Java(TM) 6 Update 20
    RP43: 14/03/2011 20:39:16 - Installed Java(TM) 6 Update 22
    RP44: 14/03/2011 20:42:18 - Removed OpenOffice.org 3.2
    RP45: 14/03/2011 20:44:31 - Installed OpenOffice.org 3.3
    RP46: 16/03/2011 13:27:24 - System Checkpoint
    RP47: 24/03/2011 19:34:09 - Software Distribution Service 3.0
    RP48: 28/03/2011 20:42:22 - System Checkpoint
    RP49: 06/04/2011 22:28:57 - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
    RP50: 07/04/2011 20:11:07 - Software Distribution Service 3.0
    RP51: 10/04/2011 12:02:52 - Installed Java(TM) 6 Update 24
    RP52: 11/04/2011 19:48:49 - Installed Microsoft Office Home and Student 2007
    RP53: 11/04/2011 20:03:45 - Printer Driver Send To Microsoft OneNote Driver Installed
    RP54: 11/04/2011 20:19:29 - Removed Microsoft Office Home and Student 2007
    RP55: 11/04/2011 20:34:21 - Installed Microsoft Office Home and Student 2007
    RP56: 11/04/2011 20:41:51 - Printer Driver Send To Microsoft OneNote Driver Installed
    RP57: 11/04/2011 20:48:03 - Removed Microsoft Office Home and Student 2007
    RP58: 11/04/2011 20:53:14 - Removed Microsoft Office Click-to-Run 2010
    RP59: 14/04/2011 13:04:54 - Software Distribution Service 3.0
    RP60: 17/04/2011 12:25:21 - Software Distribution Service 3.0
    RP61: 17/04/2011 13:00:24 - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    ALPS Touch Pad Driver
    Amazon Kindle For PC
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.3.13 (Unicode)
    Audible Download Manager
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    CD/DVD Drive Acoustic Silencer
    Dorling Kindersley Application Database v1.4
    EPSON Attach To Email
    EPSON File Manager
    EPSON Printer Software
    EPSON Scan
    EPSON Scan Assistant
    EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
    FlipShare
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    iTunes
    J2SE Runtime Environment 5.0 Update 4
    Java Auto Updater
    Java(TM) 6 Update 24
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox 4.0 (x86 en-GB)
    mPfMgr
    mPfWiz
    mProSafe
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    mZConfig
    OpenOffice.org 3.3
    Pinball Science
    Pivot Stickfigure Animator
    QuickTime
    Realtek High Definition Audio Driver
    SD Secure Module
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    SMSC IrCC V5.1.3600.5 SP2
    Sonic DLA
    Sonic RecordNow!
    SUPERAntiSpyware
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Accessibility
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Controls Driver
    TOSHIBA Hardware Setup
    TOSHIBA Hotkey Utility
    TOSHIBA Manuals
    TOSHIBA Mobile Extension3 for Windows XP V3.79.00.XP.C
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA Power Saver Driver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Supervisor Password
    TOSHIBA Zooming Hook
    TOSHIBA Zooming Utility
    Touch and Launch
    TouchPad On/Off Utility
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Utility Common Driver
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    17/04/2011 18:24:15, error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 4 time(s).
    17/04/2011 17:28:27, error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
    17/04/2011 17:27:31, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    17/04/2011 17:20:08, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    17/04/2011 16:23:17, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 10.131.194.209 (The DHCP Server sent a DHCPNACK message).
    17/04/2011 16:19:16, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    17/04/2011 16:18:56, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:56, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:55, error: Service Control Manager [7034] - The Tmesrv3 service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:55, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:55, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:55, error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:55, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    17/04/2011 16:18:55, error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    17/04/2011 16:18:55, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    17/04/2011 12:21:17, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 10.16.249.241 (The DHCP Server sent a DHCPNACK message).
    17/04/2011 11:59:02, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
    17/04/2011 11:54:46, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    15/04/2011 16:20:04, error: Dhcp [1002] - The IP address lease 192.168.0.17 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    13/04/2011 22:42:37, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    13/04/2011 10:33:13, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 10.179.235.25 (The DHCP Server sent a DHCPNACK message).
    13/04/2011 09:40:39, error: Dhcp [1002] - The IP address lease 192.168.1.35 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/04/2011 10:24:00, error: Dhcp [1002] - The IP address lease 192.168.1.34 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    11/04/2011 20:57:22, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013025FACD5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    10/04/2011 21:19:22, error: Dhcp [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 0013025FACD5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    10/04/2011 16:15:33, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    10/04/2011 16:15:33, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/04/2011 16:15:33, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    10/04/2011 12:30:06, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================

    Thanks for your time
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Your programs are closing because you don't have enough RAM. You need a minimum of 512MB just to run Windows XP well. Everything you add to that doesn't have anything to run on. Think of your system as a car. Then think of the RAM as the gas for it. In order to run the car well, you best have a tankful of gas. As it runs low, the car will start to sputter. When the gas has been all used up, the car will stop.

    That's what's happening to your system. It's using RAM to run the operating system. You open your email and minimize it on the Taskbar. You launch the browser> Firefox or IE. They may have addons running in addition to the browser itself. You surf, using gas as you drive down the road. You're going uphill which requires more gas. That's what happens when you load a site or a page.

    It's a battle you won't win unless you add more RAM.

    You have a small amount of malware and some entries that need to be identified- but not enough to make programs close. On top of that, you're running 17 Toshiba processes. Your computer came to you with these processes pre-loaded. Most users don't realize the processes are running in the background, using resources. And very few users use any significant number of any preloaded processes! I came across the following comment once, which I saved:
    =================================
    You might have thought adding/removing this was a good idea- but did you get rid of all the left over files?
    The Restore Points are good things- but they do show some actions that were taken. This was all on the same day, within one hour!
    RP52: 11/04/2011 19:48:49 - Installed Microsoft Office Home and Student 2007
    RP54: 11/04/2011 20:19:29 - Removed Microsoft Office Home and Student 2007
    RP55: 11/04/2011 20:34:21 - Installed Microsoft Office Home and Student 2007
    RP57: 11/04/2011 20:48:03 - Removed Microsoft Office Home and Student 2007
    RP58: 11/04/2011 20:53:14 - Removed Microsoft Office Click-to-Run 2010

    It looks like you installed this 3 times, going by the Restore Points:
    RP49: 06/04/2011 22:28:57 - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
    RP53: 11/04/2011 20:03:45 - Printer Driver Send To Microsoft OneNote Driver Installed
    RP56: 11/04/2011 20:41:51 - Printer Driver Send To Microsoft OneNote Driver Installed

    You recently added these programs:
    2011-04-14 c:\program files\Flip Video
    2011-04-14 c:\program files\Audacity 1.3 Beta (Unicode)
    2011-04-11 c:\program files\SUPERAntiSpyware
    I suggest you uninstall them. Your system can't support them.

    You also added this:
    2011-04-17 c:\program files\Microsoft Security Client>> while you need security, this wasn't a good time to add a suite.

    We aren't going to be able to do much to clean the system because I don't think it will support the programs to run the scans. But the following is an online virus scan- let's see what it picks up:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
     
  6. Georgebruv772

    Georgebruv772 TS Rookie Topic Starter Posts: 28

    I didn't even think of that.

    Here we go:

    C:\System Volume Information\_restore{9FAF94E5-43DA-4BB6-B252-71A405ADC3BC}\RP58\A0015114.exe a variant of Win32/Kryptik.MMS trojan
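Post 5 reads the DDS restore-point list by eye, and the ESET result above is a file stored under `_restore{...}\RP58`. As an added example (not part of any post, and not code from DDS or ESET), this Python sketch parses restore-point lines copied from the log in this thread, flags a product installed and removed repeatedly within one hour, and maps a detection path back to the restore point it belongs to. The function names, the one-hour window and the three-event threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Restore-point lines copied from the DDS log posted in this thread.
DDS_RESTORE_POINTS = r"""
RP49: 06/04/2011 22:28:57 - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
RP52: 11/04/2011 19:48:49 - Installed Microsoft Office Home and Student 2007
RP53: 11/04/2011 20:03:45 - Printer Driver Send To Microsoft OneNote Driver Installed
RP54: 11/04/2011 20:19:29 - Removed Microsoft Office Home and Student 2007
RP55: 11/04/2011 20:34:21 - Installed Microsoft Office Home and Student 2007
RP56: 11/04/2011 20:41:51 - Printer Driver Send To Microsoft OneNote Driver Installed
RP57: 11/04/2011 20:48:03 - Removed Microsoft Office Home and Student 2007
RP58: 11/04/2011 20:53:14 - Removed Microsoft Office Click-to-Run 2010
RP59: 14/04/2011 13:04:54 - Software Distribution Service 3.0
"""

# Scanner result line as posted in this thread.
DETECTION = (r"C:\System Volume Information\_restore{9FAF94E5-43DA-4BB6-B252-"
             r"71A405ADC3BC}\RP58\A0015114.exe a variant of Win32/Kryptik.MMS trojan")

RP_LINE = re.compile(
    r"^\s*RP(\d+):\s+(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+-\s+(.*\S)\s*$")
ACTION = re.compile(r"^(Installed|Removed)\s+(.+)$")
RESTORE_PATH = re.compile(
    r"\\System Volume Information\\_restore\{([0-9A-Fa-f-]{36})\}"
    r"\\RP(\d+)\\([^\\\s]+)", re.IGNORECASE)


def parse_restore_points(text):
    """Return {rp_number: record} for every 'RPnn: date - description' line."""
    points = {}
    for line in text.splitlines():
        m = RP_LINE.match(line)
        if not m:
            continue  # headers, separators, blank lines
        action = ACTION.match(m.group(3))
        points[int(m.group(1))] = {
            "rp": int(m.group(1)),
            # DDS on this machine prints day/month/year.
            "when": datetime.strptime(m.group(2), "%d/%m/%Y %H:%M:%S"),
            "description": m.group(3),
            "action": action.group(1) if action else None,
            "product": action.group(2) if action else None,
        }
    return points


def find_churn(points, window=timedelta(hours=1), min_events=3):
    """Products with >= min_events install/remove events inside one window."""
    by_product = {}
    for p in sorted(points.values(), key=lambda p: p["when"]):
        if p["product"]:
            by_product.setdefault(p["product"], []).append(p)
    churn = {}
    for product, events in by_product.items():
        best, start = [], 0
        for end in range(len(events)):
            # Slide the left edge until the span fits in the window.
            while events[end]["when"] - events[start]["when"] > window:
                start += 1
            if end - start + 1 > len(best):
                best = events[start:end + 1]
        if len(best) >= min_events:
            churn[product] = [e["rp"] for e in best]
    return churn


def resolve_detection(line, points):
    """Tell whether a detection sits in the System Restore store, and where."""
    m = RESTORE_PATH.search(line)
    if not m:
        return {"in_restore_store": False, "rp": None, "restore_point": None}
    rp = int(m.group(2))
    return {
        "in_restore_store": True,
        "guid": m.group(1),
        "rp": rp,
        "file": m.group(3),
        # None when the log excerpt does not list that restore point.
        "restore_point": points.get(rp),
    }


if __name__ == "__main__":
    pts = parse_restore_points(DDS_RESTORE_POINTS)
    for product, rps in find_churn(pts).items():
        print("churn:", product, "->", ", ".join("RP%d" % n for n in rps))
    hit = resolve_detection(DETECTION, pts)
    if hit["in_restore_store"] and hit["restore_point"]:
        rp = hit["restore_point"]
        print("detection %s is in RP%d (%s, %s)"
              % (hit["file"], hit["rp"], rp["when"], rp["description"]))
```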
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Well, that's a good thing! The only entry Eset found was in a System Restore point. That means it's no longer active in the system. If you were to do a System Restore and choose that particular point, you could reinfect the system. When we finish cleaning, we will have you set a new clean restore point and drop the old ones.
    ============================
    Edit: If you have not run Combofix yet, run HijackThis first instead. Leave the log and I can have you stop all unnecessary processes. Then we will have a better chance to run the cleaning programs. Don't go on to Combofix until I check the HijackThis log first. Then when some of the unnecessary processes have been stopped, I will give you the go ahead for Combofix:
    ============================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    =======================================================
    Wait on the following per my edit.

    =====================================================
    I think the RAM is the cause of your problem. I would like you to run Combofix if you can. I can't guarantee that it won't close the system, but you can give it a try:

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Although it will add a bit extra, if you don't have the Recovery Console on the system, when Combofix does the query, it would be a good idea to get it. Make sure all other programs are closed when you run this:
     
  8. Georgebruv772

    Georgebruv772 TS Rookie Topic Starter Posts: 28

    Sorry, I had already run Combofix before I got your edit message. Do you want the log from it?
     
  9. Georgebruv772

    Georgebruv772 TS Rookie Topic Starter Posts: 28

    I'll put it on anyway.

    ComboFix 11-04-19.01 - George Putland 20/04/2011 0:26.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.23 [GMT 1:00]
    Running from: c:\documents and settings\George Putland\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\GEORGE~1\LOCALS~1\Temp\SAS48F.tmp
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\George Putland\Local Settings\Temp\SAS48F.tmp
    c:\documents and settings\George Putland\WINDOWS
    c:\windows\system32\config\systemprofile\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-19 to 2011-04-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-19 11:24 . 2011-04-19 11:24 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsl98a37cb6.sys
    2011-04-19 10:20 . 2011-04-19 10:20 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsle7d139ad.sys
    2011-04-19 10:18 . 2011-04-19 10:18 -------- d-----w- c:\program files\ESET
    2011-04-18 14:45 . 2011-04-18 14:45 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsl41c4b743.sys
    2011-04-18 14:42 . 2011-04-18 14:42 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsl1d20268c.sys
    2011-04-18 14:41 . 2011-03-14 20:05 6792528 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-04-18 14:39 . 2011-03-14 20:05 6792528 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\mpengine.dll
    2011-04-17 15:36 . 2011-04-17 15:36 -------- d-----w- c:\documents and settings\George Putland\Application Data\Malwarebytes
    2011-04-17 15:35 . 2011-04-17 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-17 15:34 . 2011-04-17 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-17 12:00 . 2011-02-02 17:11 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-04-17 11:49 . 2011-04-17 11:51 -------- d-----w- c:\program files\Microsoft Security Client
    2011-04-14 10:24 . 2011-04-14 10:24 -------- d-----w- c:\documents and settings\George Putland\Application Data\Flip Video
    2011-04-14 10:14 . 2011-04-14 10:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\Flip Video
    2011-04-14 10:13 . 2011-04-14 10:13 -------- d-----w- c:\program files\Flip Video
    2011-04-14 09:44 . 2011-04-14 09:50 -------- d-----w- c:\documents and settings\George Putland\Application Data\Audacity
    2011-04-14 09:44 . 2011-04-19 10:14 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2011-04-13 22:02 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2011-04-11 19:04 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2011-04-11 19:04 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2011-04-11 18:53 . 2011-04-11 18:53 -------- d-----w- c:\documents and settings\George Putland\Local Settings\Application Data\Microsoft Help
    2011-04-11 18:51 . 2011-04-11 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2011-04-11 13:58 . 2011-04-11 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-04-10 11:38 . 2011-04-10 14:40 -------- d-----w- c:\windows\system32\NtmsData
    2011-04-07 22:02 . 2011-04-17 16:14 -------- d-----w- c:\documents and settings\George Putland\Application Data\Maecwa
    2011-04-07 22:02 . 2011-04-13 22:22 -------- d-----w- c:\documents and settings\George Putland\Application Data\Yqyk
    2011-04-07 19:02 . 2011-04-07 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
    2011-04-06 21:33 . 2011-04-06 21:33 -------- d-----w- c:\documents and settings\George Putland\Local Settings\Application Data\SoftGrid Client
    2011-04-06 21:32 . 2011-04-11 19:52 -------- d-----w- c:\documents and settings\George Putland\Application Data\SoftGrid Client
    2011-04-06 21:27 . 2011-04-11 19:53 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
    2011-04-06 21:20 . 2011-04-06 21:30 -------- d-----w- c:\documents and settings\George Putland\Application Data\TP
    2011-03-24 21:01 . 2011-03-24 21:01 -------- d-----w- c:\documents and settings\George Putland\Application Data\Amazon
    2011-03-24 21:01 . 2011-03-24 21:01 -------- d-----w- c:\documents and settings\George Putland\Local Settings\Application Data\Amazon
    2011-03-24 21:00 . 2011-03-24 21:00 -------- d-----w- c:\program files\Amazon
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2006-02-13 06:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2006-02-13 05:29 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2006-02-13 05:29 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2006-02-13 05:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2006-02-13 05:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2006-02-13 05:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2006-02-13 05:29 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-18 16:36 . 2011-01-31 18:12 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 16:36 . 2011-01-31 18:12 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-17 13:18 . 2006-02-13 05:29 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2006-02-13 05:29 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2011-01-31 17:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2006-02-13 05:29 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-12 17:25 . 2011-02-12 17:24 288 ----a-w- c:\windows\tmpcpyis.bat
    2011-02-12 17:25 . 2011-02-12 17:24 122 ----a-w- c:\windows\tmpdelis.bat
    2011-02-12 17:24 . 2011-02-12 17:24 26 ----a-w- c:\windows\winstart.bat
    2011-02-09 13:53 . 2006-02-13 05:29 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2006-02-13 05:29 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2006-02-13 05:29 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2006-02-13 05:29 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 20:40 . 2011-01-31 17:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 18:19 . 2011-03-14 20:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58 . 2006-02-13 06:41 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-31 17:19 . 2011-01-31 17:19 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-01-27 11:57 . 2006-02-13 06:41 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2006-02-13 05:29 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-03-18 17:57 . 2011-04-10 15:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
    "CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 671744]
    "HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
    "SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
    "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-21 1077330]
    "TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 53248]
    "Zooming"="ZoomingHook.exe" [2005-06-06 24576]
    "TCtryIOHook"="TCtrlIOHook.exe" [2005-12-05 28672]
    "TPSMain"="TPSMain.exe" [2005-08-11 266240]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
    "TFncKy"="TFncKy.exe" [BU]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
    "TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-04-05 118784]
    "TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2005-04-05 77824]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24726:TCP"= 24726:TCP:FlipShareServer
    "24727:TCP"= 24727:TCP:FlipShareServer
    .
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [28/12/2004 00:31 16384]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [13/03/2006 10:56 6144]
    R1 MpKsl1d20268c;MpKsl1d20268c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsl1d20268c.sys [18/04/2011 15:42 28752]
    R1 MpKsl41c4b743;MpKsl41c4b743;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsl41c4b743.sys [18/04/2011 15:45 28752]
    R1 MpKsl88a2e706;MpKsl88a2e706;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{003EE41F-8CE9-4587-8F1F-0EF09BB177B7}\MpKsl88a2e706.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{003EE41F-8CE9-4587-8F1F-0EF09BB177B7}\MpKsl88a2e706.sys [?]
    R1 MpKsl98a37cb6;MpKsl98a37cb6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsl98a37cb6.sys [19/04/2011 12:24 28752]
    R1 MpKsldb68b2da;MpKsldb68b2da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{003EE41F-8CE9-4587-8F1F-0EF09BB177B7}\MpKsldb68b2da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{003EE41F-8CE9-4587-8F1F-0EF09BB177B7}\MpKsldb68b2da.sys [?]
    R1 MpKsle639fea4;MpKsle639fea4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{003EE41F-8CE9-4587-8F1F-0EF09BB177B7}\MpKsle639fea4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{003EE41F-8CE9-4587-8F1F-0EF09BB177B7}\MpKsle639fea4.sys [?]
    R1 MpKsle7d139ad;MpKsle7d139ad;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsle7d139ad.sys [19/04/2011 11:20 28752]
    R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [13/02/2006 12:40 5888]
    R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [29/03/2011 14:35 1085440]
    R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.EXE [14/03/2006 06:18 118784]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL1D20268C
    *NewlyCreated* - MPKSL41C4B743
    *NewlyCreated* - MPKSL98A37CB6
    *NewlyCreated* - MPKSLDB68B2DA
    *NewlyCreated* - MPKSLE7D139AD
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
    .
    2011-04-19 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\documents and settings\George Putland\Application Data\Mozilla\Firefox\Profiles\mb2wt7pq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-20 00:33
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(936)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2011-04-20 00:36:05
    ComboFix-quarantined-files.txt 2011-04-19 23:36
    .
    Pre-Run: 20,095,651,840 bytes free
    Post-Run: 20,077,228,032 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - CB011D66CFE8E8FB3EC648C62E707E28
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Go ahead and run HijackThis also.

    To help with the RAM issue:
    1. Reboot the system frequently. That will help free up RAM from programs you have run.
    2. Keep the temporary internet files under control: delete them frequently.
    3. Do a defrag on the hard drive

    I'll review Combofix later.
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I'm going to wait until I get the HijackThis log. I can have you stop unnecessary processes, take some off of startup, change some Services to Manual or Disabled. I can then suggest what you might want to consider uninstalling. Then I can remove any 'left over' processes with script for you to run through Combofix.
     
     
  12. Georgebruv772

    Georgebruv772 TS Rookie Topic Starter Posts: 28

    Okay, here's the log.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:04:20, on 21/04/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\QuickTime\QuickTimePlayer.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\George Putland\Desktop\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
    O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

    --
    End of file - 8397 bytes

    Thanks again
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Give this a run and see if you notice any difference: There are a lot of entries in the codebox. Make sure you copy all of the contents.

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad > click on Format > Uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\tmpcpyis.bat
    c:\windows\tmpdelis.bat
    c:\windows\winstart.bat
    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{003EE41F-8CE9-4587-8F1F-0EF09BB177B7}\MpKsl88a2e706.sys
    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{003EE41F-8CE9-4587-8F1F-0EF09BB177B7}\MpKsldb68b2da.sys
    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{003EE41F-8CE9-4587-8F1F-0EF09BB177B7}\MpKsle639fea4.sys
    Folder::
    c:\program files\Microsoft Security Client
    c:\documents and settings\George Putland\Application Data\Flip Video
    c:\documents and settings\LocalService\Application Data\Flip Video
    c:\program files\Flip Video
    c:\documents and settings\George Putland\Application Data\Audacity
    c:\program files\Audacity 1.3 Beta (Unicode)
    c:\documents and settings\George Putland\Local Settings\Application Data\Microsoft Help
    c:\documents and settings\All Users\Application Data\Microsoft Help
    c:\documents and settings\George Putland\Application Data\Maecwa
    c:\documents and settings\George Putland\Application Data\Yqyk
    c:\documents and settings\All Users\Application Data\VirtualizedApplications
    c:\documents and settings\George Putland\Local Settings\Application Data\SoftGrid Client
    c:\documents and settings\George Putland\Application Data\SoftGrid Client
    c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client 
    c:\windows\system32\NtmsData
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HWSetup"=-
    "SVPWUTIL"=-
    "Zooming"=-
    "TCtryIOHook"=-
    "TPSMain"=-
    "SmoothView"=-
    "TFncKy"=-
    "NDSTray.exe"=-
    "TMESRV.EXE"=-
    "TMERzCtl.EXE"=-
    "SunJavaUpdateSched"=-
    Driver::
    MpKsl88a2e706
    MpKsldb68b2da
    MpKsle639fea4
    
    Sys.Rst::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    I will follow with matching entries from the HJT log if it does.
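
The instructions above stress unchecking Word Wrap and copying every line. As an added example (not part of the thread and not ComboFix's own code), this Python check reads the text of a saved CFScript.txt and flags entries that look wrapped, or a paste that stopped early. The section names are taken from the script above; the entry-shape rules, the function names and the shortened sample scripts are assumptions made for illustration, not a documented ComboFix format.

```python
import re

# Entry shapes inferred from the script posted in this thread (assumptions,
# not a published specification of the CFScript format).
SECTION_RE = re.compile(r"^([A-Za-z][A-Za-z.]*)::$")    # e.g. File::  Sys.Rst::
PATH_RE = re.compile(r"^[a-z]:\\\S", re.IGNORECASE)     # c:\... full path
REG_KEY_RE = re.compile(r"^\[-?HKEY_[A-Z_]+\\.+\]$")    # [HKEY_...\Run]
REG_VALUE_RE = re.compile(r'^("[^"]+"|@)=.+$')          # "Name"=-
DRIVER_RE = re.compile(r"^[^\\/\s:]+$")                 # bare driver name

# Sections present in the script on this page.
EXPECTED = ("File", "Folder", "Registry", "Driver", "Sys.Rst")


def parse_cfscript(text):
    """Return ({section: [entries]}, [lines found before any section header])."""
    sections, stray, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            stray.append(line)
        else:
            sections[current].append(line)
    return sections, stray


def check_cfscript(text, expected_sections=()):
    """Return a list of human-readable problems; an empty list means it looks intact."""
    sections, stray = parse_cfscript(text)
    problems = ["text before the first section header: %r" % s for s in stray]
    problems += ["missing section %s::" % n
                 for n in expected_sections if n not in sections]
    for name, entries in sections.items():
        seen_key = False
        for entry in entries:
            if name in ("File", "Folder"):
                # A wrapped long path leaves a fragment with no drive letter.
                if not PATH_RE.match(entry):
                    problems.append("%s:: entry is not a full path (wrapped line?): %r"
                                    % (name, entry))
            elif name == "Registry":
                if REG_KEY_RE.match(entry):
                    seen_key = True
                elif not REG_VALUE_RE.match(entry):
                    problems.append("Registry:: line is neither a key nor a value: %r"
                                    % entry)
                elif not seen_key:
                    problems.append("Registry:: value appears before any key: %r" % entry)
            elif name == "Driver":
                if not DRIVER_RE.match(entry):
                    problems.append("Driver:: entry is not a bare name: %r" % entry)
    return problems


# Constructed sample: a shortened copy of the script posted above.
GOOD = r'''File::
c:\windows\winstart.bat
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{003EE41F-8CE9-4587-8F1F-0EF09BB177B7}\MpKsl88a2e706.sys
Folder::
c:\documents and settings\George Putland\Application Data\Yqyk
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=-
Driver::
MpKsl88a2e706

Sys.Rst::
'''

# Constructed sample: the same text with one long path wrapped by the editor
# and the paste cut off before the Driver:: section.
WRAPPED = GOOD.replace("Definition Updates", "Definition\nUpdates").split("Driver::")[0]

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("wrapped", WRAPPED)):
        found = check_cfscript(text, EXPECTED)
        print(label, "->", "OK" if not found else "")
        for problem in found:
            print("   ", problem)
```
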
     
  14. Georgebruv772

    Georgebruv772 TS Rookie Topic Starter Posts: 28

    ComboFix 11-04-21.03 - George Putland 22/04/2011 8:48.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.254 [GMT 1:00]
    Running from: c:\documents and settings\George Putland\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\George Putland\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    FILE ::
    "c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{003EE41F-8CE9-4587-8F1F-0EF09BB177B7}\MpKsl88a2e706.sys"
    "c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{003EE41F-8CE9-4587-8F1F-0EF09BB177B7}\MpKsldb68b2da.sys"
    "c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{003EE41F-8CE9-4587-8F1F-0EF09BB177B7}\MpKsle639fea4.sys"
    "c:\windows\tmpcpyis.bat"
    "c:\windows\tmpdelis.bat"
    "c:\windows\winstart.bat"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\HELP\PlaybackTranscoding.html
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\HELP\SharingVideos.html
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\HELP\Twitter.html
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\HELP\UsingFlipFramesShareFiles.html
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\HELP\YouTube.html
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\html\G500-150-N.png
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\html\offline.html
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\Images\minfo\upgrade.htm
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\Images\minfo\upgrade.png
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\Images\SP_base_art.png
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\mac\STRINGS\Localizable.strings
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\Movies\FlipEndCredit\FlipCreditVideoHD.mp4
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\Movies\FlipEndCredit\FlipCreditVideoSD.mp4
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\QMFILES\core.qm
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\QMFILES\FacebookSharingPlugin.qm
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\QMFILES\FlipShare.qm
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\QMFILES\FlipSharePROSharingPlugin.qm
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\QMFILES\qt_fr.qm
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\QMFILES\sharing.qm
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\QMFILES\sharinggeneric.qm
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\QMFILES\TwitterSharingPlugin.qm
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\QMFILES\video.qm
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\QMFILES\vmixsharingplugin.qm
    c:\program files\Flip Video\FlipShare\Resources\ALP\fr_fr\QMFILES\youtubesharingplugin.qm
    c:\program files\Flip Video\FlipShare\Resources\DSInstallationTest\HDTest.MP4
    c:\program files\Flip Video\FlipShare\Resources\DSInstallationTest\SDTest.AVI
    c:\program files\Flip Video\FlipShare\Resources\html\G500-150-N.png
    c:\program files\Flip Video\FlipShare\Resources\html\offline.html
    c:\program files\Flip Video\FlipShare\Resources\MakeMovieWizard\APerfectSaturday.mp3
    c:\program files\Flip Video\FlipShare\Resources\MakeMovieWizard\BouncinRound.mp3
    c:\program files\Flip Video\FlipShare\Resources\MakeMovieWizard\CityOfAngels.mp3
    c:\program files\Flip Video\FlipShare\Resources\MakeMovieWizard\FlipCreditVideoHD.mp4
    c:\program files\Flip Video\FlipShare\Resources\MakeMovieWizard\FlipCreditVideoSD.mp4
    c:\program files\Flip Video\FlipShare\Resources\MakeMovieWizard\Groovy.mp3
    c:\program files\Flip Video\FlipShare\Resources\MakeMovieWizard\MangoMumbo.mp3
    c:\program files\Flip Video\FlipShare\Resources\MakeMovieWizard\SixStringRamble.mp3
    c:\program files\Flip Video\FlipShare\Resources\MakeMovieWizard\Speedway.mp3
    c:\program files\Flip Video\FlipShare\Resources\VideoSlideshowWizard\black5SecSDVideo.avi
    c:\program files\Flip Video\FlipShare\Sharing.dll
    c:\program files\Flip Video\FlipShare\ssleay32.dll
    c:\program files\Flip Video\FlipShare\Upgrade\autorun.inf
    c:\program files\Flip Video\FlipShare\Upgrade\FlipShare.msi
    c:\program files\Flip Video\FlipShare\Upgrade\readme.txt
    c:\program files\Flip Video\FlipShare\Upgrade\Setup_FlipShare.exe
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Info.plist
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\MacOS\Start FlipShare
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\PkgInfo
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Blue_Btn_Bg_MouseOver.png
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Blue_Btn_Bg_MouseUp.png
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Blue_Hover_Left.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Blue_Hover_Middle.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Blue_Hover_Right.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Blue_Inactive_Left.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Blue_Inactive_Middle.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Blue_Inactive_Right.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Blue_Normal_Left.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Blue_Normal_Middle.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Blue_Normal_Right.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Grey_Hover_Left.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Grey_Hover_Middle.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Grey_Hover_Right.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Grey_Normal_Left.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Grey_Normal_Middle.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Grey_Normal_Right.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Mask_Left.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Big_Mask_Right.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Left_Hover.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Left_Inactive.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Left_Mask.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Left_Normal.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Middle_Hover.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Middle_Inactive.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Middle_Normal.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Right_Hover.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Right_Inactive.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Right_Mask.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\Button_Right_Normal.bmp
    c:\program files\Flip Video\FlipShare\Upgrade\Start FlipShare.app\Contents\Resources\CountryInfo.plist9E8
     
  15. Georgebruv772

    Georgebruv772 TS Rookie Topic Starter Posts: 28

    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MPKSL88A2E706
    -------\Legacy_MPKSLDB68B2DA
    -------\Legacy_MPKSLE639FEA4
    -------\Service_MpKsl88a2e706
    -------\Service_MpKsldb68b2da
    -------\Service_MpKsle639fea4
    -------\Legacy_FlipShare_Service
    -------\Legacy_FlipShareServer
    -------\Legacy_MsMpSvc
    -------\Legacy_FlipShare_Service
    -------\Legacy_FlipShareServer
    -------\Legacy_MsMpSvc
    -------\Service_FlipShare Service
    -------\Service_FlipShareServer
    -------\Service_MsMpSvc
    -------\Service_FlipShare Service
    -------\Service_FlipShareServer
    -------\Service_MsMpSvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-21 21:03 . 2011-04-21 21:03 388096 ----a-r- c:\documents and settings\George Putland\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-21 19:33 . 2011-04-21 19:40 -------- d-----w- c:\documents and settings\All Users\CyberLink
    2011-04-21 18:07 . 2011-04-21 19:26 -------- d-----w- c:\documents and settings\George Putland\Application Data\CyberLink
    2011-04-21 18:07 . 2011-04-21 19:58 -------- d-----w- c:\documents and settings\George Putland\Local Settings\Application Data\Cyberlink
    2011-04-21 18:01 . 2011-04-21 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
    2011-04-21 17:13 . 2011-04-21 17:13 -------- d-----w- c:\program files\Trend Micro
    2011-04-20 22:13 . 2011-04-21 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
    2011-04-20 21:27 . 2011-04-20 21:28 -------- d-----w- c:\program files\Common Files\Adobe
    2011-04-20 20:40 . 2011-04-20 20:40 -------- d-----w- c:\program files\Audacity
    2011-04-19 11:24 . 2011-04-19 11:24 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsl98a37cb6.sys
    2011-04-19 10:20 . 2011-04-19 10:20 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsle7d139ad.sys
    2011-04-18 14:45 . 2011-04-18 14:45 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsl41c4b743.sys
    2011-04-18 14:42 . 2011-04-18 14:42 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsl1d20268c.sys
    2011-04-18 14:41 . 2011-03-14 20:05 6792528 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-04-18 14:39 . 2011-03-14 20:05 6792528 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\mpengine.dll
    2011-04-17 15:36 . 2011-04-17 15:36 -------- d-----w- c:\documents and settings\George Putland\Application Data\Malwarebytes
    2011-04-17 15:35 . 2011-04-17 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-17 15:34 . 2011-04-17 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-17 12:00 . 2011-02-02 17:11 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-04-13 22:02 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2011-04-11 19:04 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2011-04-11 19:04 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2011-04-11 13:58 . 2011-04-11 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-04-10 11:38 . 2011-04-10 14:40 -------- d-----w- c:\windows\system32\NtmsData
    2011-04-06 21:20 . 2011-04-06 21:30 -------- d-----w- c:\documents and settings\George Putland\Application Data\TP
    2011-03-24 21:01 . 2011-03-24 21:01 -------- d-----w- c:\documents and settings\George Putland\Application Data\Amazon
    2011-03-24 21:01 . 2011-03-24 21:01 -------- d-----w- c:\documents and settings\George Putland\Local Settings\Application Data\Amazon
    2011-03-24 21:00 . 2011-03-24 21:00 -------- d-----w- c:\program files\Amazon
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2006-02-13 06:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2006-02-13 05:29 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2006-02-13 05:29 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2006-02-13 05:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2006-02-13 05:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2006-02-13 05:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2006-02-13 05:29 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-18 16:36 . 2011-01-31 18:12 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 16:36 . 2011-01-31 18:12 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-17 13:18 . 2006-02-13 05:29 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2006-02-13 05:29 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2011-01-31 17:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2006-02-13 05:29 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53 . 2006-02-13 05:29 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2006-02-13 05:29 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2006-02-13 05:29 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2006-02-13 05:29 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 20:40 . 2011-01-31 17:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 18:19 . 2011-03-14 20:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58 . 2006-02-13 06:41 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-31 17:19 . 2011-01-31 17:19 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-01-27 11:57 . 2006-02-13 06:41 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-18 17:57 . 2011-04-10 15:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-04-19_23.33.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
    + 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
    + 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
    + 2009-07-11 19:54 . 2009-07-11 19:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
    + 2009-07-11 19:32 . 2009-07-11 19:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
    + 2009-07-12 00:07 . 2009-07-12 00:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
    + 2009-07-12 00:19 . 2009-07-12 00:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
    + 2009-07-11 18:41 . 2009-07-11 18:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
    + 2011-04-20 20:40 . 2011-04-20 20:40 16384 c:\windows\Temp\Perflib_Perfdata_94c.dat
    + 2011-04-22 07:58 . 2011-04-22 07:58 16384 c:\windows\Temp\Perflib_Perfdata_2a4.dat
    + 2010-11-10 11:49 . 2010-11-10 11:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
    + 2010-11-10 11:49 . 2010-11-10 11:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
    + 2010-11-10 11:49 . 2010-11-10 11:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
    + 2010-11-10 11:49 . 2010-11-10 11:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
    + 2010-11-10 11:49 . 2010-11-10 11:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
    + 2010-11-10 11:49 . 2010-11-10 11:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
    + 2010-11-10 11:49 . 2010-11-10 11:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
    + 2010-11-10 11:49 . 2010-11-10 11:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
    + 2010-11-10 11:49 . 2010-11-10 11:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
    + 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
    + 2006-02-13 06:36 . 2011-04-22 07:58 248696 c:\windows\system32\FNTCACHE.DAT
    + 2011-04-21 18:14 . 2011-04-21 18:14 424960 c:\windows\Installer\149ed131.msi
    + 2011-04-21 18:03 . 2011-04-21 18:03 228352 c:\windows\Installer\149ed0f1.msi
    + 2010-11-10 11:49 . 2010-11-10 11:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
    + 2010-11-10 11:49 . 2010-11-10 11:49 101288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlrShim.exe
    + 2010-11-10 11:49 . 2010-11-10 11:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
    + 2010-11-10 11:49 . 2010-11-10 11:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
    + 2010-11-10 11:49 . 2010-11-10 11:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
    + 2010-11-10 11:49 . 2010-11-10 11:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
    + 2010-11-10 11:49 . 2010-11-10 11:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
    + 2010-11-10 11:49 . 2010-11-10 11:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
    + 2009-07-11 19:46 . 2009-07-11 19:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
    + 2009-07-11 19:46 . 2009-07-11 19:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
    + 2011-04-21 21:03 . 2011-04-21 21:03 1094656 c:\windows\Installer\1541dbfe.msi
    + 2011-04-21 18:02 . 2011-04-21 18:02 5647872 c:\windows\Installer\149ed0e7.msi
    + 2011-04-20 21:30 . 2011-04-20 21:30 2283008 c:\windows\Installer\1032c20e.msi
    + 2010-11-10 11:49 . 2010-11-10 11:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
    + 2010-11-10 11:49 . 2010-11-10 11:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
    + 2010-11-10 11:49 . 2010-11-10 11:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
    + 2010-11-10 11:49 . 2010-11-10 11:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
    + 2010-11-10 11:49 . 2010-11-10 11:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
    + 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\1032c20f.msp
    + 2010-11-10 11:49 . 2010-11-10 11:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
    "CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 671744]
    "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-21 1077330]
    "TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 53248]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24726:TCP"= 24726:TCP:FlipShareServer
    "24727:TCP"= 24727:TCP:FlipShareServer
    .
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [28/12/2004 00:31 16384]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [13/03/2006 10:56 6144]
    R1 MpKsl1d20268c;MpKsl1d20268c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsl1d20268c.sys [18/04/2011 15:42 28752]
    R1 MpKsl41c4b743;MpKsl41c4b743;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsl41c4b743.sys [18/04/2011 15:45 28752]
    R1 MpKsl98a37cb6;MpKsl98a37cb6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsl98a37cb6.sys [19/04/2011 12:24 28752]
    R1 MpKsle7d139ad;MpKsle7d139ad;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91BA4770-E5F6-4929-829F-C1A14B037C34}\MpKsle7d139ad.sys [19/04/2011 11:20 28752]
    R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [13/02/2006 12:40 5888]
    R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.EXE [14/03/2006 06:18 118784]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\documents and settings\George Putland\Application Data\Mozilla\Firefox\Profiles\mb2wt7pq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
    SafeBoot-MsMpSvc
    AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-22 08:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(944)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(2312)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\AGRSMMSG.exe
    c:\program files\Apoint2K\Apntex.exe
    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-22 09:02:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-22 08:02
    ComboFix2.txt 2011-04-19 23:36
    .
    Pre-Run: 17,675,718,656 bytes free
    Post-Run: 17,788,141,568 bytes free
    .
    - - End Of File - - E72F6C380F5F7091EE9EEA8790510
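An added example, not part of the original post or of ComboFix itself: a Python sketch that reads the "Reg Loading Points" section of a ComboFix log like the one above and lists the entries a reviewer would check by hand. The function names and category labels are hypothetical; the sample input is a trimmed excerpt of lines from that section of this log.

```python
import re

# Excerpt of the "Reg Loading Points" section from the log above (trimmed).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer
.
'''

SECTION_RE = re.compile(r'^\[(?P<key>.+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
# Run values are printed as: "command" [file-date file-size]
RUN_DATA_RE = re.compile(
    r'^"(?P<cmd>.*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')


def parse_sections(text):
    """Return {registry key: {value name: raw data}} for a ComboFix excerpt."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            current = None          # "." separates blocks in the log
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group('key')
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group('name')] = m.group('data')
    return sections


def review_items(sections):
    """List entries worth a manual look. These are review prompts, not verdicts."""
    findings = []
    for key, values in sections.items():
        k = key.lower()
        if k.endswith(r'\currentversion\run'):
            for name, data in values.items():
                m = RUN_DATA_RE.match(data)
                cmd = m.group('cmd') if m else data
                # No directory in the command: Windows resolves it through the
                # search path, so the log line alone does not say which file runs.
                if '\\' not in cmd:
                    findings.append(('run-no-path', name, cmd))
        elif k.endswith(r'\security center'):
            for name, data in values.items():
                # AntiVirusOverride=1 tells the XP Security Center that the user
                # monitors antivirus themselves, so it stops alerting on its status.
                if name.lower().endswith('override') and data.lower() == 'dword:00000001':
                    findings.append(('security-center-override', name, data))
        elif k.endswith(r'\globallyopenports\list'):
            for name, data in values.items():
                parts = data.split(':', 2)   # port:protocol:label as ComboFix prints it
                if len(parts) == 3:
                    findings.append(('open-port', f'{parts[0]}/{parts[1]}', parts[2]))
    return findings


if __name__ == '__main__':
    for kind, name, detail in review_items(parse_sections(SAMPLE_LOG)):
        print(f'{kind:26} {name:20} {detail}')
```

Each finding is a prompt to confirm the entry against the rest of the log (for the two path-less Run values, the "Other Running Processes" list shows where the running copies live), not a detection.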
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Before we go any further, please tell me if you had any noticeable improvement.

    The FlipShare program had an enormous number of entries.
     
  17. Georgebruv772

    Georgebruv772 TS Rookie Topic Starter Posts: 28

    At the moment my programs have not closed down since the check.

    I think what I'll do is say thank you now and then if it does it again I'll repost.

    So thanks for your help, it's been really appreciated. I don't know what I would have done without you.

    Thanks again,

    George
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    George, what I did was remove all the processes running that you didn't need. If you stop now, some of them will start up again, either from the Startup menu, the Registry or by a Service.

    I have almost finished setting up entries on the HijackThis log for you to stop. I can also give you instructions on taking the unnecessary processes off of startup, changing the Services Startup type to Manual or Disable and suggesting some processes for you to consider uninstalling.

    Do you want me to finish this and give it to you? It would make a significant difference in what you can do on the system now and/or until you add RAM.
     
  19. Georgebruv772

    Georgebruv772 TS Rookie Topic Starter Posts: 28

    Yes please, that would be great.
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Sorry- internet was down.

    Okay! I'll finish it up and paste it in. It will be entries to remove from HijackThis, taking processes off of the Startup Menu (with instructions), changing the Startup type of some Services (with instruct.), some uninstalling and removing program folders- also with instruct.

    It will flow nicely to help make best use of the RAM. Please don't install anything new or get more data from the deleted programs or apps you see at the top of Combofix.

    I worked while I was off line last night, but I still have a few of the Toshiba processes to ID so you can decide if you want to keep or remove.
     
  21. Georgebruv772

    Georgebruv772 TS Rookie Topic Starter Posts: 28

    I haven't used any of the Toshiba programs that came with it, except the Toshiba Power saver scheme, which is useful.

    I wasn't sure if this is one you meant, but I would like to keep that.
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    This has not been a good weekend! First the internet went down at 7 last night- down til 9:40AM this morning. I worked off line on what I could and was doing a good job of catching up. Then we had a squall line go through and my power went out about 7:40PM tonight. I'm just now getting back on!
    ==========================================
    Thanks- that helps. I've put the Toshiba processes from the HijackThis log in a separate section. I've been getting descriptions for them so you could decide. I have removed the Power Saver entries, but put them in a quote so you will recognize them.

    Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\QuickTime\QuickTimePlayer.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

    You can do this all together by checking the Toshiba processes below when you check the other entries in the HJT log -OR- you can check the processes above and finish, then rescan and do the Toshiba processes, whichever is easiest for you.

    Close all Windows except HijackThis and click on "Fix Closed."
    =============================================
    These are the Toshiba processes in the log. I've grouped program and processes for each so they won't all be together in the HJT log. I took the Power Saver out and copied it at the end so you know what it is. None of these processes need to start on boot, so you can include them with the first section or you can do them separately. So the 3 steps are:
    1. You stop the process in HJT
    Boot into Safe Mode.
    2. Follow the steps to use the msconfig utility to take process off of Startup
    3. Change Service Startup type to Manual
    Uninstall any processes you don't use
    Then reboot back into Normal Mode
    Please print out the list of the Toshiba programs you checked in the HJT log
    Step 1: Check each of the following processes in the HJT log, if present:
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe> mobile and wireless computing, enabling Toshiba notebook users to easily switch profiles and devices as needed.
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe> tray icon for above
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    ---------------------------------
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
    O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
    -------------------
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    ---------------------
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe>>offers easy movement and freedom of programs navigation with TouchPad
    -------------------------
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe>> configuration tray icon for Toshiba laptops. Available via Start -> Settings -> Control Panel
    -----------------------
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    ---------------------
    C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    ---------------------
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    ------------------------------
    C:\WINDOWS\system32\TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    ----------------------
    C:\WINDOWS\system32\TPSBattM.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP>> utility that allows you to change various hardware settings
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

    When finished with all of the above, close all Windows except HijackThis and click on "Fix Checked"
    ======================================================
    ===================================================
    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    Step 2: Using the msconfig utility to take processes off the Startup Menu:
    To remove entries from the Startup Menu using the msconfig utility:
    • Click on Start> Run> type in msconfig> enter>
    • Click on Selective Startup
    • Choose the Startup tab:
      All images courtesy NetSquirrel
    • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
    • Uncheck any processes related to:
      Apple Device
      Java
      Adobe Reader
      Flip Video
      iTunes
      iPad

      Include any processes related to the Toshiba you have checked in the HJT log
    • Click on Apply> OK when finished.

    Stay in Safe Mode and go on to Step 3 in my next reply.
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Step 3: Changing Startup Types of Services:
    While still in Safe Mode:
    Click on start> Run> type in services.msc> Enter> Double click on each of the following and follow directions:
    Set to Manual if you insert & remove the laptop from a docking station. If you do not use a docking station, set Startup type to Disabled> Stop the Service -
    Exit Services when finished.
    ======================================
    So far you have only stopped processes from starting on boot and running in the background. You haven't removed the programs. Now is the time to go on to the last Step:
    Step 3> Uninstalling any unneeded or unused programs>>>>>>>
    Go through the list of programs and processes we've stopped. IF there are any you don't use or want:
    Control Panel> Add/Remove Programs> Click on any you want to uninstall> unInstall.

    This includes any of the Toshiba programs or apps you don't use, need or want.

    Again reboot into Normal Mode and let me know how the system is running.
     
  24. Georgebruv772

    Georgebruv772 TS Rookie Topic Starter Posts: 28

    Okay I've been through that and removed quite a few programs.

    The Toshiba ones I removed using HijackThis were:

    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

    Thanks again for all the time you've put in, your internet sounds really annoying.

    George
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're welcome! Keep the list of the Toshiba programs and descriptions- you might decide at some point to remove more. Also keep the directions for using the msconfig utility and accessing the Services. It's good to know how to do these things!

    Save your pennies for another 512MB of RAM!

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    Let me know if you have any questions.
     
Topic Status:
Not open for further replies.

