TechSpot

Laptop: Infected, No internet connection

Solved
By familyman14
Jan 29, 2011
  1. My sons' Norton antivirus ran out, and before I could install a new one it got a virus. Now I can't connect to the internet in Normal or Safe mode.

    I tried to download Kaspersky from a disc and it won't let me. I keep getting pop-ups directing me to some generic antivirus site, and once in a while I get a pop-up with links to porno sites.

    The laptop didn't come with a Windows startup disc; everything was already installed when we bought it (Windows 7). The laptop is a Toshiba Satellite L655.

    I've come here with virus troubles before and am very grateful for the help.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
    Use a working computer to download the necessary tools and a USB flash drive to transfer files from the good computer to the bad one.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Thank you for the reply. I will DL the tools like you said tomorrow. I work 3rd shift and I need to go to sleep. Blah. :zzz:
     
  4. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    No problem :)
     
  5. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Broni, I ran an Avira scan and found no viruses. While looking around I noticed the cause.

    Does APPCRASH sound familiar?

    Should I go on with the next step?

    *EDIT*: Ran a second scan with Avira and it found one: ADSPY/AdSpy.Gen2

    Will proceed with the directions. :p
     
  6. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Go on......
     
  7. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5649

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/31/2011 1:11:33 PM
    mbam-log-2011-01-31 (13-11-33).txt

    Scan type: Quick scan
    Objects scanned: 159811
    Time elapsed: 2 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 10
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\ndo8thb2ikwe (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cqwbsccx (Trojan.FakeAlert.Gen) -> Value: cqwbsccx -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\Users\mumbles2x\AppData\Roaming\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite\bin\11.0.342.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite\bin\11.0.342.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite\bin\11.0.342.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite\bin\11.0.342.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Users\mumbles2x\local settings\syssvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\mumbles2x\local settings\application data\syssvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesa_hpk.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite\bin\11.0.342.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
     
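    The Malwarebytes log above is the most informative artifact in this thread: the PUM.Bad.Proxy entry (a rewritten Internet Settings\ProxyServer value) is the usual explanation for a machine that is up but cannot browse, and the Run-key value is the rogue "antivirus" behind the pop-ups. The parser below is an added example written by the editor, not code from the thread, from Malwarebytes or from TechSpot. It reads the log format shown in this post, turns each detection line into a record, and answers the two questions a responder asks first: does anything explain the lost connectivity, and what autostart entries were removed. The sample input reuses detection lines from this thread's log; the SYMPTOM_NOTES descriptions are the editor's own annotations of those detection families, not scanner output.

```python
import re
from collections import defaultdict

# Constructed sample: the detection lines are copied from the Malwarebytes log
# posted in this thread; the header is trimmed to keep the sample short.
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Scan type: Quick scan

Registry Keys Infected:
HKEY_CURRENT_USER\Software\ndo8thb2ikwe (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cqwbsccx (Trojan.FakeAlert.Gen) -> Value: cqwbsccx -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\mumbles2x\local settings\syssvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Section headers look like "Registry Values Infected:" (no trailing count).
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Detection lines: <item> (<detection>) -> [Value: <name> -> ]<action>
# The lazy <item> group lets paths such as "program files (x86)" parse correctly.
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Value: (?P<value>.+?) -> )?(?P<action>.+)$"
)

# Editor's annotations (assumption: defender-side reading of each family).
SYMPTOM_NOTES = {
    "PUM.Bad.Proxy": "Internet Settings\\ProxyServer was rewritten, so browser "
                     "traffic is forced through an attacker-chosen proxy; if that "
                     "proxy is unreachable nothing loads. Confirm the value is gone.",
    "Trojan.FakeAlert": "Autostart entry for a rogue 'antivirus' that produces pop-ups.",
    "Trojan.Downloader": "Component that fetches further payloads; expect more families.",
    "Adware.Hotbar": "Adware/toolbar responsible for ad pop-ups.",
    "Adware.Seekmo": "Adware/toolbar responsible for ad pop-ups.",
    "Malware.Trace": "Leftover registry key used by malware; inert once deleted.",
}


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it sat in."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        # Skip blanks, header lines before the first section and "(No malicious...)".
        if not line or section is None or line.startswith("("):
            continue
        m = ENTRY_RE.match(line)
        if m:
            findings.append({"section": section, **m.groupdict()})
    return findings


def family_of(detection):
    """Map a full name such as 'Trojan.FakeAlert.Gen' to its SYMPTOM_NOTES key."""
    for key in SYMPTOM_NOTES:
        if detection == key or detection.startswith(key + "."):
            return key
    return detection


def explains_lost_connectivity(findings):
    """True when a proxy-setting hijack was found: the first thing to check on a
    machine that boots fine but cannot reach the internet."""
    return any(f["detection"].startswith("PUM.Bad.Proxy") for f in findings)


def persistence_entries(findings):
    """Names of autostart (Run key) values the scanner removed."""
    return [f["value"] for f in findings
            if f["value"] and "\\currentversion\\run\\" in f["item"].lower()]


def summarize(findings):
    """Count of findings per family, paired with the editor's symptom note."""
    counts = defaultdict(int)
    for f in findings:
        counts[family_of(f["detection"])] += 1
    return {fam: (n, SYMPTOM_NOTES.get(fam, "no note")) for fam, n in counts.items()}


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_MBAM_LOG)
    print("proxy hijack present:", explains_lost_connectivity(found))
    print("autostart values removed:", persistence_entries(found))
    for fam, (n, note) in summarize(found).items():
        print(f"{fam} x{n}: {note}")
```

    Two follow-up checks the parser suggests but cannot do from a log alone: after the cleanup, verify in the browser's connection settings that no proxy is configured (the log only shows that the value was deleted once), and treat a removed Run-key value as a hint to look for the executable it pointed at, since the scanner reports the value name, not its data.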
  8. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Sorry, I didn't save correctly for the other 2 files. Should I rerun them?

    Also, I am on my laptop now.
     
  9. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Please do.
     
  10. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5649

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/31/2011 1:11:33 PM
    mbam-log-2011-01-31 (13-11-33).txt

    Scan type: Quick scan
    Objects scanned: 159811
    Time elapsed: 2 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 10
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\ndo8thb2ikwe (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cqwbsccx (Trojan.FakeAlert.Gen) -> Value: cqwbsccx -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\Users\mumbles2x\AppData\Roaming\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite\bin\11.0.342.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite\bin\11.0.342.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite\bin\11.0.342.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite\bin\11.0.342.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Users\mumbles2x\local settings\syssvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\mumbles2x\local settings\application data\syssvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesa_hpk.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files (x86)\HBLite\bin\11.0.342.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
     
  11. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Mumbles2x at 14:44:44.25 on Mon 01/31/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.1677 [GMT -5:00]

    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\System32\rundll32.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\igfxext.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\Users\Mumbles2x\Desktop\dds.scr
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [(Default)]
    mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
    mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    mRun-x64: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

    ============= SERVICES / DRIVERS ===============

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-1-31 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-1-31 267944]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-1-31 83120]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-25 2320920]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
    R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-10-25 35008]
    R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
    R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2010-10-25 877088]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-25 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-25 239136]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-28 1255736]

    =============== Created Last 30 ================

    2011-01-31 18:07:20 -------- d-----w- C:\Users\MUMBLE~1\AppData\Roaming\Malwarebytes
    2011-01-31 18:07:13 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-31 18:07:11 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-01-31 18:07:08 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
    2011-01-31 18:07:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-01-31 16:05:08 -------- d-----w- C:\Users\MUMBLE~1\AppData\Roaming\Avira
    2011-01-31 15:52:44 -------- d-----w- C:\Users\MUMBLE~1\AppData\Local\Diagnostics
    2011-01-31 15:47:40 83120 ----a-w- C:\windows\System32\drivers\avgntflt.sys
    2011-01-31 15:47:39 -------- d-----w- C:\Program Files (x86)\Avira
    2011-01-31 15:47:39 -------- d-----w- C:\PROGRA~3\Avira
    2011-01-31 14:57:33 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F98BB831-D67F-47AC-A4FE-EA5DC842DFFC}\mpengine.dll
    2011-01-29 20:01:56 -------- d-----w- C:\Users\MUMBLE~1\AppData\Local\ElevatedDiagnostics
    2011-01-26 23:56:47 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-01-19 19:33:08 720896 ----a-w- C:\windows\System32\odbc32.dll
    2011-01-19 19:33:07 573440 ----a-w- C:\windows\SysWow64\odbc32.dll
    2011-01-19 19:33:06 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2011-01-19 19:33:05 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2011-01-19 19:33:05 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2011-01-19 19:33:05 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2011-01-19 19:33:04 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2011-01-19 19:33:04 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2011-01-19 19:33:04 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-19 19:33:04 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-13 16:00:42 306688 ----a-w- C:\windows\IsUninst.exe
    2011-01-12 19:42:10 -------- d-----w- C:\Program Files (x86)\Maxis
    2011-01-12 19:05:39 -------- d-----w- C:\Users\MUMBLE~1\AppData\Local\Microsoft Games
    2011-01-02 20:16:25 230752 ----a-w- C:\windows\patchw32.dll
    2011-01-02 20:16:25 118176 ----a-w- C:\windows\patchw.dll
    2011-01-02 20:10:13 -------- d-----w- C:\Program Files (x86)\Outspark
    2011-01-02 17:52:48 -------- d-----w- C:\Users\MUMBLE~1\AppData\Local\Unity
    2011-01-02 02:19:40 -------- d-----w- C:\Users\MUMBLE~1\AppData\Local\CrashDumps
    2011-01-02 00:33:57 -------- d-----w- C:\PROGRA~3\NexonUS
    2011-01-01 23:59:18 -------- d-----w- C:\Users\MUMBLE~1\AppData\Local\PMB Files
    2011-01-01 23:59:15 -------- d-----w- C:\PROGRA~3\PMB Files
    2011-01-01 23:58:57 -------- d-----w- C:\Program Files (x86)\Pando Networks

    ==================== Find3M ====================

    2010-11-04 06:35:53 1194496 ----a-w- C:\windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

    ============= FINISH: 14:44:59.20 ===============
     
     
  12. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    After running GMER there is nothing to save. No log shows up after quick scan.
     
  13. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    I still need Attach.txt part of DDS.
     
  14. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/25/2010 8:13:48 AM
    System Uptime: 1/31/2011 1:12:19 PM (2 hours ago)

    Motherboard: Intel Corp. | | Base Board Product Name
    Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | CPU | 1999/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 286 GiB total, 257.882 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP6: 1/2/2011 3:09:51 PM - Installed Fiesta
    RP7: 1/2/2011 3:53:13 PM - Removed Fiesta
    RP8: 1/13/2011 12:45:52 AM - Windows Update
    RP9: 1/13/2011 6:08:00 PM - Windows Update
    RP10: 1/18/2011 9:19:52 PM - Restore Operation
    RP11: 1/18/2011 9:27:58 PM - Windows Update
    RP12: 1/20/2011 3:38:04 PM - Windows Update
    RP13: 1/25/2011 10:01:26 PM - Windows Update
    RP14: 1/26/2011 6:56:17 PM - Windows Update
    RP15: 1/29/2011 3:07:08 PM - Windows Update
    RP16: 1/31/2011 9:57:11 AM - Windows Update

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Avira AntiVir Personal - Free Antivirus
    Best Buy pc app
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java(TM) 6 Update 17
    Junk Mail filter update
    Label@Once 1.0
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    Pando Media Booster
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA Quality Application
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer

    ==== Event Viewer Messages From Past Week ========

    1/31/2011 10:48:02 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    1/31/2011 1:45:47 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SEAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{18830C7F-EE7A-46D2-ACB7-35C0106EEE1B}. The master browser is stopping or an election is being forced.
    1/31/2011 1:03:08 PM, Error: Service Control Manager [7031] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    1/29/2011 3:37:55 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/29/2011 3:33:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    1/29/2011 3:33:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    1/29/2011 3:22:16 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    1/29/2011 3:21:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/29/2011 3:21:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/29/2011 3:21:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/29/2011 3:21:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/29/2011 3:21:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    1/29/2011 3:07:33 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2160841).
    1/29/2011 3:01:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/29/2011 2:56:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/29/2011 2:52:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    1/29/2011 2:36:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/29/2011 2:36:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/29/2011 2:36:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2011 6:29:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 4 Client Profile for Windows 7 x64-based Systems (KB982670).
    1/26/2011 6:28:33 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

    ==== End Of File ===========================
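Added example, not part of the thread or either poster's work: a small Python triage script for the Service Control Manager lines quoted in the log above. The sample lines are condensed copies of those events; it lists the boot-start drivers that failed to load (event 7026) and follows the event 7001 dependency chains back to a root cause, which is what a reviewer does by hand to explain the "no internet in Normal or Safe mode" symptom.

```python
"""Triage helper for the Service Control Manager lines in a DDS-style log.

Lists the boot-start drivers that failed to load (SCM event 7026) and follows
the event 7001 dependency-failure chains back to a root cause, which is what a
log reviewer does by hand when a machine reports "no internet connection".
"""
import re

# Constructed sample: condensed copies of lines quoted in the post above.
SAMPLE_LOG = """\
1/29/2011 2:36:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/29/2011 2:36:23 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/29/2011 3:21:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
"""

# "<date> <time> <AM|PM>, <Level>: <Source> [<EventID>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ [AP]M), (?P<level>\w+): (?P<source>[^\[]+?) "
    r"\[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# Body of event 7001: "The X service depends on the Y service which failed ..."
DEP_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which "
    r"failed to start because of the following error: (?P<reason>.+)$"
)
DRIVERS_RE = re.compile(r"failed to load: (?P<drivers>.+)$")  # event 7026 body
DEP_FAILED = "The dependency service or group failed to start"
# Drivers the Winsock/TCP-IP user-mode services cannot run without.
CORE_NET_DRIVERS = {"afd", "netbt", "tdx", "nsiproxy"}


def parse_events(text):
    """Return one dict per well-formed event line (malformed lines are skipped)."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def failed_boot_drivers(events):
    """Drivers named by SCM event 7026, in log order, deduplicated."""
    found = []
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == 7026:
            m = DRIVERS_RE.search(ev["msg"])
            for name in (m.group("drivers").split() if m else []):
                if name not in found:
                    found.append(name)
    return found


def network_stack_impacted(drivers):
    """True when a core network driver never loaded: DHCP, DNS and NetBIOS
    helper services then cannot start, matching the 'no internet' symptom."""
    return bool(CORE_NET_DRIVERS & {d.lower() for d in drivers})


def dependency_graph(events):
    """Build (edges, roots) from SCM 7001 events: edges maps a service to the
    dependency it blamed; roots maps a dependency to its own failure reason
    when that reason was not merely another dependency failing."""
    edges, roots = {}, {}
    for ev in events:
        if ev["source"] != "Service Control Manager" or ev["id"] != 7001:
            continue
        m = DEP_RE.match(ev["msg"])
        if not m:
            continue
        svc, dep = m.group("svc"), m.group("dep").rstrip(".")
        edges[svc] = dep
        if not m.group("reason").startswith(DEP_FAILED):
            roots[dep] = m.group("reason")
    return edges, roots


def root_cause(service, edges, roots):
    """Follow the blame chain from `service` to a root-cause dependency.
    Returns (dependency, reason), or (None, None) if the chain never reaches
    a root (e.g. the service is not in the log). Guards against cycles."""
    seen, cur = set(), service
    while cur in edges and cur not in seen:
        seen.add(cur)
        cur = edges[cur]
        if cur in roots:
            return cur, roots[cur]
    return None, None
```

On the sample, every chain ends at AFD, the NSI proxy driver or the TDI support driver with "A device attached to the system is not functioning", i.e. kernel drivers that did not load at boot, not a mere service ordering problem.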
     
  15. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Intel Corp.
    BIOS Manufacturer: INSYDE
    System Manufacturer: TOSHIBA
    System Product Name: Satellite L655
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 193):
    0x02A4D000 \SystemRoot\system32\ntoskrnl.exe
    0x02A04000 \SystemRoot\system32\hal.dll
    0x00BA6000 \SystemRoot\system32\kdcom.dll
    0x00C9D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00CE1000 \SystemRoot\system32\PSHED.dll
    0x00CF5000 \SystemRoot\system32\CLFS.SYS
    0x00E13000 \SystemRoot\system32\CI.dll
    0x00ED3000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F77000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F86000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FDD000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00FE6000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00D53000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00FF0000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00D86000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00D9B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00DA7000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00E09000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00C76000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x01081000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x0128B000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x01294000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x012BE000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x012C9000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x012D4000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01320000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0140B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01334000 \SystemRoot\System32\Drivers\msrpc.sys
    0x015AE000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01000000 \SystemRoot\System32\Drivers\cng.sys
    0x015C8000 \SystemRoot\System32\drivers\pcw.sys
    0x015D9000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x016D7000 \SystemRoot\system32\drivers\ndis.sys
    0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01802000 \SystemRoot\System32\drivers\tcpip.sys
    0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x017C9000 \SystemRoot\system32\DRIVERS\wd.sys
    0x01392000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x017D1000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    0x017D6000 \SystemRoot\System32\Drivers\spldr.sys
    0x00DBC000 \SystemRoot\System32\drivers\rdyboost.sys
    0x017DE000 \SystemRoot\System32\Drivers\mup.sys
    0x017F0000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01AA5000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01ADF000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01AF5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x040A6000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x040D0000 \SystemRoot\System32\Drivers\Null.SYS
    0x040D9000 \SystemRoot\System32\Drivers\Beep.SYS
    0x040E0000 \SystemRoot\System32\drivers\vga.sys
    0x040EE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x04113000 \SystemRoot\System32\drivers\watchdog.sys
    0x04123000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x0412C000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x04135000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x0413E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x04149000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x0415A000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04178000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x01B33000 \SystemRoot\system32\drivers\afd.sys
    0x04185000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x041CA000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x041D3000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x03E16000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03E25000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03E40000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x01A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03E54000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03E60000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03E6B000 \SystemRoot\System32\drivers\discache.sys
    0x01A51000 \SystemRoot\System32\Drivers\dfsc.sys
    0x01A6F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x01A80000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x01BBD000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x04A3A000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x05459000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x0554D000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x05593000 \SystemRoot\system32\DRIVERS\HECIx64.sys
    0x055A4000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03C1F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03C75000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03C99000 \SystemRoot\system32\DRIVERS\rtl8192Ce.sys
    0x03D89000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x03D96000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
    0x03DAB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x03DC9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x0447D000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x044CF000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x044D1000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x044E0000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    0x044EA000 \SystemRoot\system32\DRIVERS\Impcd.sys
    0x04511000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x04527000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x0452C000 \SystemRoot\system32\DRIVERS\QIOMem.sys
    0x04536000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
    0x0453D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x04546000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04556000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x0456C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x04590000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x0459C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x045CB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x04400000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04421000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x0443B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x055B5000 \SystemRoot\system32\DRIVERS\ks.sys
    0x0443D000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04247000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x042A1000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x042B6000 \SystemRoot\system32\drivers\CHDRT64.sys
    0x04369000 \SystemRoot\system32\drivers\portcls.sys
    0x043A6000 \SystemRoot\system32\drivers\drmk.sys
    0x043C8000 \SystemRoot\system32\drivers\ksthunk.sys
    0x000D0000 \SystemRoot\System32\win32k.sys
    0x043CE000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04200000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x0444F000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x0421D000 \SystemRoot\system32\DRIVERS\pgeffect.sys
    0x04224000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00400000 \SystemRoot\System32\TSDDD.dll
    0x00640000 \SystemRoot\System32\cdd.dll
    0x03DD8000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x04232000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x03E7A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x045E6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x04A00000 \SystemRoot\system32\drivers\luafv.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x04084000 \SystemRoot\system32\drivers\WudfPf.sys
    0x04A23000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02A9F000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x02AF2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x02B05000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02B1D000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x036C6000 \SystemRoot\system32\drivers\HTTP.sys
    0x0378E000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x037AC000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x037C4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x03600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0364E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x02B53000 \SystemRoot\system32\drivers\peauth.sys
    0x03671000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0367C000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x036A9000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x02A00000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x05623000 \SystemRoot\System32\DRIVERS\srv.sys
    0x056EA000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x056F8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x05711000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x0571A000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x77360000 \Windows\System32\ntdll.dll
    0x478A0000 \Windows\System32\smss.exe
    0xFF680000 \Windows\System32\apisetschema.dll
    0xFFDA0000 \Windows\System32\autochk.exe
    0x77530000 \Windows\System32\psapi.dll
    0xFF410000 \Windows\System32\iertutil.dll
    0x77240000 \Windows\System32\kernel32.dll
    0xFF300000 \Windows\System32\msctf.dll
    0x77520000 \Windows\System32\normaliz.dll
    0xFF1D0000 \Windows\System32\wininet.dll
    0xFEFF0000 \Windows\System32\setupapi.dll
    0x77140000 \Windows\System32\user32.dll
    0xFEF50000 \Windows\System32\msvcrt.dll
    0xFED40000 \Windows\System32\ole32.dll
    0xFECA0000 \Windows\System32\comdlg32.dll
    0xFEC50000 \Windows\System32\ws2_32.dll
    0xFEC30000 \Windows\System32\sechost.dll
    0xFEB90000 \Windows\System32\clbcatq.dll
    0xFEAB0000 \Windows\System32\advapi32.dll
    0xFEA30000 \Windows\System32\difxapi.dll
    0xFE950000 \Windows\System32\oleaut32.dll
    0xFE8D0000 \Windows\System32\shlwapi.dll
    0xFE8C0000 \Windows\System32\nsi.dll
    0xFE8A0000 \Windows\System32\imagehlp.dll
    0xFE850000 \Windows\System32\Wldap32.dll
    0xFE6D0000 \Windows\System32\urlmon.dll
    0xFE6A0000 \Windows\System32\imm32.dll
    0xFE570000 \Windows\System32\rpcrt4.dll
    0xFE500000 \Windows\System32\gdi32.dll
    0xFE4F0000 \Windows\System32\lpk.dll
    0xFD760000 \Windows\System32\shell32.dll
    0xFD690000 \Windows\System32\usp10.dll
    0xFD650000 \Windows\System32\wintrust.dll
    0xFD4E0000 \Windows\System32\crypt32.dll
    0xFD440000 \Windows\System32\comctl32.dll
    0xFD420000 \Windows\System32\devobj.dll
    0xFD3E0000 \Windows\System32\cfgmgr32.dll
    0xFD370000 \Windows\System32\KernelBase.dll
    0xFD360000 \Windows\System32\msasn1.dll

    Processes (total 75):
    0 System Idle Process
    4 System
    308 C:\Windows\System32\smss.exe
    412 csrss.exe
    488 C:\Windows\System32\wininit.exe
    504 csrss.exe
    540 C:\Windows\System32\services.exe
    564 C:\Windows\System32\lsass.exe
    572 C:\Windows\System32\lsm.exe
    680 C:\Windows\System32\svchost.exe
    768 C:\Windows\System32\svchost.exe
    820 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\svchost.exe
    892 C:\Windows\System32\winlogon.exe
    956 C:\Windows\System32\svchost.exe
    452 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\spoolsv.exe
    1264 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1300 C:\Windows\System32\svchost.exe
    1464 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1508 C:\Windows\System32\svchost.exe
    1540 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    1612 C:\Windows\System32\TODDSrv.exe
    1644 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    1720 C:\Program Files\TOSHIBA\TECO\TecoService.exe
    1800 C:\Windows\System32\SearchIndexer.exe
    2004 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1428 C:\Windows\System32\conhost.exe
    2280 C:\Windows\System32\svchost.exe
    2376 C:\Windows\System32\taskhost.exe
    2476 C:\Windows\System32\dwm.exe
    2544 C:\Windows\explorer.exe
    2552 C:\Windows\System32\rundll32.exe
    2936 C:\Windows\System32\igfxtray.exe
    2960 C:\Windows\System32\hkcmd.exe
    3028 C:\Windows\System32\igfxpers.exe
    3052 C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    1944 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2276 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    2720 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    2508 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    2328 C:\Program Files\TOSHIBA\TECO\Teco.exe
    3100 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    3116 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    3156 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3216 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3276 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    3316 C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    3368 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3744 C:\Windows\System32\svchost.exe
    3972 C:\Windows\System32\igfxext.exe
    4000 C:\Windows\System32\igfxsrvc.exe
    4024 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3760 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    3740 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    2576 C:\Windows\System32\svchost.exe
    3836 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    2824 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    4116 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    4284 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    4580 C:\Windows\System32\wuauclt.exe
    1008 C:\Windows\SysWOW64\notepad.exe
    4940 WmiPrvSE.exe
    2744 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3796 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2812 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    3432 C:\Windows\System32\audiodg.exe
    2112 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    1576 C:\Windows\System32\SearchProtocolHost.exe
    2144 C:\Windows\System32\SearchFilterHost.exe
    4624 dllhost.exe
    3460 dllhost.exe
    2892 C:\Users\Mumbles2x\Desktop\MBRCheck.exe
    424 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OC64G

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


    Done!
     
  17. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    ComboFix 11-01-31.01 - Mumbles2x 01/31/2011 15:24:14.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.1799 [GMT -5:00]
    Running from: c:\users\Mumbles2x\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\MUMBLE~1\AppData\Local\Temp\7C04.tmp
    c:\users\Mumbles2x\AppData\Local\Temp\7C04.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-31 )))))))))))))))))))))))))))))))
    .

    2011-01-31 20:26 . 2011-01-31 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-31 18:07 . 2011-01-31 18:07 -------- d-----w- c:\users\Mumbles2x\AppData\Roaming\Malwarebytes
    2011-01-31 18:07 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-31 18:07 . 2011-01-31 18:07 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-31 18:07 . 2011-01-31 18:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-01-31 18:07 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-31 16:05 . 2011-01-31 16:05 -------- d-----w- c:\users\Mumbles2x\AppData\Roaming\Avira
    2011-01-31 15:52 . 2011-01-31 15:52 -------- d-----w- c:\users\Mumbles2x\AppData\Local\Diagnostics
    2011-01-31 15:47 . 2010-12-13 13:40 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-31 15:47 . 2010-12-13 13:40 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-01-31 15:47 . 2011-01-31 15:47 -------- d-----w- c:\programdata\Avira
    2011-01-31 15:47 . 2011-01-31 15:47 -------- d-----w- c:\program files (x86)\Avira
    2011-01-31 14:57 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F98BB831-D67F-47AC-A4FE-EA5DC842DFFC}\mpengine.dll
    2011-01-29 20:01 . 2011-01-29 20:31 -------- d-----w- c:\users\Mumbles2x\AppData\Local\ElevatedDiagnostics
    2011-01-26 03:02 . 2011-01-26 03:02 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2011-01-19 19:33 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-19 19:33 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
    2011-01-19 19:33 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-19 19:33 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-19 19:33 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-19 19:33 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-19 19:33 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    2011-01-19 19:33 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-19 19:33 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2011-01-19 19:33 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-13 16:00 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
    2011-01-12 19:42 . 2011-01-12 19:42 -------- d-----w- c:\program files (x86)\Maxis
    2011-01-12 19:05 . 2011-01-12 19:29 -------- d-----w- c:\users\Mumbles2x\AppData\Local\Microsoft Games
    2011-01-02 20:16 . 2010-01-13 21:48 230752 ----a-w- c:\windows\patchw32.dll
    2011-01-02 20:16 . 2010-01-13 21:48 118176 ----a-w- c:\windows\patchw.dll
    2011-01-02 20:10 . 2011-01-02 20:10 -------- d-----w- c:\program files (x86)\Outspark
    2011-01-02 17:52 . 2011-01-27 20:00 -------- d-----w- c:\users\Mumbles2x\AppData\Local\Unity
    2011-01-02 02:19 . 2011-01-02 06:07 -------- d-----w- c:\users\Mumbles2x\AppData\Local\CrashDumps
    2011-01-02 00:33 . 2011-01-31 15:45 -------- d-----w- c:\programdata\NexonUS
    2011-01-01 23:59 . 2011-01-03 02:10 -------- d-----w- c:\users\Mumbles2x\AppData\Local\PMB Files
    2011-01-01 23:59 . 2011-01-02 19:46 -------- d-----w- c:\programdata\PMB Files
    2011-01-01 23:58 . 2011-01-01 23:58 -------- d-----w- c:\program files (x86)\Pando Networks

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-27 01:52 . 2010-12-27 01:52 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
    2010-11-04 06:35 . 2010-12-26 21:12 1194496 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 06:31 . 2010-12-26 21:12 57856 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 05:52 . 2010-12-26 21:12 978944 ----a-w- c:\windows\SysWow64\wininet.dll
    2010-11-04 05:48 . 2010-12-26 21:12 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2010-11-04 05:16 . 2010-12-26 21:12 482816 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:41 . 2010-12-26 21:12 386048 ----a-w- c:\windows\SysWow64\html.iec
    2010-11-04 04:35 . 2010-12-26 21:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-04 04:08 . 2010-12-26 21:12 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-10 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-23 75304]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
    S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
    S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-02-12 877088]

    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 02:09]

    2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 02:09]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-(Default) - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
    HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-31 15:31:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-31 20:31

    Pre-Run: 276,440,936,448 bytes free
    Post-Run: 276,067,880,960 bytes free

    - - End Of File - - D360A5D16F6E38D17A9B39C888DA2683
     
  18. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Both logs look good.

    How are the issues?
     
  19. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Everything seems to be working fine so far.

    Thank you for your help.
     
  20. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Very good :)

    We'll run a couple more checks...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
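The OTL scan above produces "Oxx" lines of the kind posted later in this thread. The following is an added example, not OTL's or the helper's own code, of a small triage script that parses those lines and flags the patterns a reviewer looks at first: dangling references ("File not found" / "No CLSID value found"), a non-default exefile/comfile "open" command, a Winlogon Shell that is not explorer.exe, and Run entries pointing into a user-writable profile path. The sample lines are modelled on the log format in this thread; the two entries marked constructed, and the heuristics themselves, are assumptions for illustration.

```python
import re
from typing import Dict, List, Optional

# Sample lines in the OTL "Oxx" format as posted in this thread. The two lines
# marked "constructed" are invented for the example to show what a flagged
# entry looks like; they are not from the posted log.
SAMPLE_OTL_LINES = [
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.",
    r"O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)",
    r"O4 - HKU\S-1-5-21-1999489102-630139991-3584140911-1001..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)",
    r"O4 - HKU\S-1-5-21-0-0-0-1001..\Run: [updater] C:\Users\exampleuser\AppData\Local\Temp\constructed_example.exe ()",  # constructed
    r"O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)",
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O35 - HKLM\..comfile [open] -- "C:\Users\Public\constructed_example.exe" "%1" %*',  # constructed
]

# "O4:64bit: - body" or "O4 - body": section code, optional bitness tag, body.
LINE_RE = re.compile(r"^(O\d+)(:64bit:)? - (.*)$")
# Run-entry body after "...\Run: " looks like "[name] C:\path\prog.exe (Company)".
RUN_PATH_RE = re.compile(r"^\[[^\]]+\]\s+(.*?)\s*(\([^()]*\))?$")
# Value of the exefile/comfile "open" verb on a clean system (seen on this thread's O35/O37 lines).
DEFAULT_OPEN_CMD = '"%1" %*'


def parse_otl_line(line: str) -> Optional[Dict[str, str]]:
    """Split one OTL 'Oxx' line into section code, bitness and body; None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"code": m.group(1), "bits": "64" if m.group(2) else "32", "body": m.group(3)}


def triage_otl(lines: List[str]) -> List[Dict[str, str]]:
    """Return the lines a reviewer should look at, each with the reason it was flagged.

    The checks are review heuristics (an assumption of this example), not OTL's own logic.
    """
    findings: List[Dict[str, str]] = []
    for raw in lines:
        rec = parse_otl_line(raw)
        if rec is None:
            continue
        code, body = rec["code"], rec["body"]
        reason = None

        if body.endswith("File not found") or body.endswith("No CLSID value found."):
            # Registry entry whose target is gone: typical leftover after removal, candidate for cleanup.
            reason = "dangling reference (target missing)"
        elif code in ("O35", "O37"):
            # Anything other than "%1" %* means every .exe/.com launch goes through another program.
            cmd = body.split(" -- ", 1)[-1].strip()
            if cmd != DEFAULT_OPEN_CMD:
                reason = f"non-default file association command: {cmd}"
        elif code == "O20" and "Winlogon: Shell" in body:
            # The shell value should resolve to Microsoft's explorer.exe.
            if not re.search(r"\\explorer\.exe \(Microsoft Corporation\)$", body, re.IGNORECASE):
                reason = "Winlogon Shell is not explorer.exe"
        elif code == "O4" and r"\Run:" in body:
            # Autorun from Temp or Roaming profile paths deserves a second look.
            _, _, rest = body.partition(": ")
            pm = RUN_PATH_RE.match(rest)
            path = pm.group(1) if pm else rest
            if re.search(r"\\AppData\\(Local\\Temp|Roaming)\\", path, re.IGNORECASE):
                reason = f"autorun from a user-writable profile path: {path}"

        if reason:
            findings.append({"code": code, "bits": rec["bits"], "reason": reason, "line": raw.strip()})
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL_LINES):
        print(f"{f['code']:<4} ({f['bits']}-bit) {f['reason']}\n      {f['line']}")
```

Run against a full OTL.txt by reading its lines into `triage_otl`; everything not flagged still needs the usual whitelist/age review, this only orders the first look.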
     
  21. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    OTL logfile created on: 1/31/2011 4:24:28 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Mumbles2x\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.29 Gb Total Space | 257.15 Gb Free Space | 89.82% Space Free | Partition Type: NTFS
    Drive D: | 287.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MUMBLES2X-PC | User Name: Mumbles2x | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/31 16:22:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mumbles2x\Desktop\OTL.exe
    PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/09/09 21:09:03 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/02/24 03:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/31 16:22:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mumbles2x\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/02/25 21:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/12/13 08:40:21 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2010/12/13 08:40:21 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/07/29 07:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/02/27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/22 20:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/02/12 17:49:16 | 000,877,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
    DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSND&bmod=TSND
    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1999489102-630139991-3584140911-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1999489102-630139991-3584140911-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKU\S-1-5-21-1999489102-630139991-3584140911-1001..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1999489102-630139991-3584140911-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1999489102-630139991-3584140911-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/28 17:17:03 | 001,838,104 | R--- | M] (Kaspersky Lab) - D:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2010/05/07 07:10:25 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/31 16:22:22 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Mumbles2x\Desktop\OTL.exe
    [2011/01/31 15:28:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/01/31 15:23:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2011/01/31 15:23:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2011/01/31 15:23:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2011/01/31 15:23:33 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2011/01/31 15:23:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/31 15:23:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
    [2011/01/31 15:23:00 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/01/31 13:07:20 | 000,000,000 | ---D | C] -- C:\Users\Mumbles2x\AppData\Roaming\Malwarebytes
    [2011/01/31 13:07:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/01/31 13:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/31 13:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/31 13:07:08 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2011/01/31 13:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/01/31 11:05:08 | 000,000,000 | ---D | C] -- C:\Users\Mumbles2x\AppData\Roaming\Avira
    [2011/01/31 10:52:44 | 000,000,000 | ---D | C] -- C:\Users\Mumbles2x\AppData\Local\Diagnostics
    [2011/01/31 10:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/01/31 10:47:40 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
    [2011/01/31 10:47:40 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
    [2011/01/31 10:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/01/31 10:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2011/01/29 15:01:56 | 000,000,000 | ---D | C] -- C:\Users\Mumbles2x\AppData\Local\ElevatedDiagnostics
    [2011/01/25 22:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2011/01/25 22:02:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/01/12 14:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
    [2011/01/12 14:05:39 | 000,000,000 | ---D | C] -- C:\Users\Mumbles2x\AppData\Local\Microsoft Games
    [2011/01/02 15:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outspark
    [2011/01/02 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\Mumbles2x\AppData\Local\Unity
    [2011/01/01 21:19:40 | 000,000,000 | ---D | C] -- C:\Users\Mumbles2x\AppData\Local\CrashDumps
    [2011/01/01 19:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
    [2011/01/01 19:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
    [2011/01/01 18:59:18 | 000,000,000 | ---D | C] -- C:\Users\Mumbles2x\AppData\Local\PMB Files
    [2011/01/01 18:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
    [2011/01/01 18:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks

    ========== Files - Modified Within 30 Days ==========

    [2011/01/31 16:23:04 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2011/01/31 16:23:04 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2011/01/31 16:23:04 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2011/01/31 16:22:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mumbles2x\Desktop\OTL.exe
    [2011/01/31 16:21:19 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/31 16:21:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/01/31 15:35:12 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/31 15:35:12 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/31 15:28:23 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/31 15:27:15 | 2307,280,896 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/31 15:20:59 | 004,263,233 | R--- | M] () -- C:\Users\Mumbles2x\Desktop\ComboFix.exe
    [2011/01/31 15:18:04 | 000,080,384 | ---- | M] () -- C:\Users\Mumbles2x\Desktop\MBRCheck.exe
    [2011/01/31 13:07:13 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/31 10:47:48 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/01/25 22:00:53 | 007,712,956 | ---- | M] () -- C:\Users\Mumbles2x\Documents\resident evil sonic.png
    [2011/01/13 16:30:29 | 001,228,199 | ---- | M] () -- C:\Users\Mumbles2x\Documents\pika.png
    [2011/01/12 14:42:28 | 000,000,486 | ---- | M] () -- C:\windows\eReg.dat

    ========== Files Created - No Company Name ==========

    [2011/01/31 15:23:36 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
    [2011/01/31 15:23:36 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2011/01/31 15:23:36 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
    [2011/01/31 15:23:36 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2011/01/31 15:23:36 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2011/01/31 15:20:49 | 004,263,233 | R--- | C] () -- C:\Users\Mumbles2x\Desktop\ComboFix.exe
    [2011/01/31 15:18:03 | 000,080,384 | ---- | C] () -- C:\Users\Mumbles2x\Desktop\MBRCheck.exe
    [2011/01/31 13:07:13 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/31 10:47:48 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/01/13 15:45:13 | 001,228,199 | ---- | C] () -- C:\Users\Mumbles2x\Documents\pika.png
    [2011/01/12 14:42:28 | 000,000,486 | ---- | C] () -- C:\windows\eReg.dat
    [2011/01/02 15:16:25 | 000,230,752 | ---- | C] () -- C:\windows\patchw32.dll
    [2011/01/02 15:16:25 | 000,118,176 | ---- | C] () -- C:\windows\patchw.dll
    [2010/07/29 06:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
    [2010/07/29 06:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/12/25 19:59:58 | 000,000,000 | ---D | M] -- C:\Users\Mumbles2x\AppData\Roaming\Tific
    [2011/01/31 09:56:43 | 000,000,000 | ---D | M] -- C:\Users\Mumbles2x\AppData\Roaming\Toshiba
    [2010/12/25 08:14:21 | 000,000,000 | ---D | M] -- C:\Users\Mumbles2x\AppData\Roaming\WinBatch
    [2009/07/14 00:08:49 | 000,012,692 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/09/10 13:17:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/01/31 15:31:26 | 000,015,267 | ---- | M] () -- C:\ComboFix.txt
    [2011/01/31 15:27:15 | 2307,280,896 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/31 15:27:21 | 3076,374,528 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/25 02:19:50 | 000,000,047 | ---- | M] () -- C:\Status.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 02:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/12/25 08:16:40 | 000,000,221 | -HS- | M] () -- C:\Users\Mumbles2x\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/31 15:20:59 | 004,263,233 | R--- | M] () -- C:\Users\Mumbles2x\Desktop\ComboFix.exe
    [2011/01/31 15:18:04 | 000,080,384 | ---- | M] () -- C:\Users\Mumbles2x\Desktop\MBRCheck.exe
    [2011/01/31 16:22:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Mumbles2x\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/12/28 12:24:16 | 000,000,402 | -HS- | M] () -- C:\Users\Mumbles2x\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  22. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    OTL Extras logfile created on: 1/31/2011 4:24:28 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Mumbles2x\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.29 Gb Total Space | 257.15 Gb Free Space | 89.82% Space Free | Partition Type: NTFS
    Drive D: | 287.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MUMBLES2X-PC | User Name: Mumbles2x | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
    "{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
    "InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1999489102-630139991-3584140911-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "48e4cff94f039634" = Best Buy pc app

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/8/2011 3:01:02 PM | Computer Name = Mumbles2x-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 1/9/2011 2:44:45 PM | Computer Name = Mumbles2x-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 1/14/2011 3:44:25 PM | Computer Name = Mumbles2x-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 1/14/2011 11:01:08 PM | Computer Name = Mumbles2x-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 1/15/2011 5:19:07 PM | Computer Name = Mumbles2x-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 1/16/2011 4:08:29 PM | Computer Name = Mumbles2x-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 1/19/2011 9:37:37 PM | Computer Name = Mumbles2x-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 1/21/2011 10:54:27 PM | Computer Name = Mumbles2x-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 1/23/2011 10:47:36 PM | Computer Name = Mumbles2x-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 1/24/2011 4:32:36 PM | Computer Name = Mumbles2x-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    [ System Events ]
    Error - 1/18/2011 10:28:18 PM | Computer Name = Mumbles2x-PC | Source = SRTSP | ID = 524293
    Description =

    Error - 1/18/2011 10:28:18 PM | Computer Name = Mumbles2x-PC | Source = Service Control Manager | ID = 7000
    Description = The Symantec Real Time Storage Protection x64 service failed to start
    due to the following error: %%31

    Error - 1/18/2011 10:28:18 PM | Computer Name = Mumbles2x-PC | Source = SRTSP | ID = 524292
    Description =

    Error - 1/18/2011 10:28:18 PM | Computer Name = Mumbles2x-PC | Source = SRTSP | ID = 524293
    Description =

    Error - 1/18/2011 10:28:18 PM | Computer Name = Mumbles2x-PC | Source = Service Control Manager | ID = 7000
    Description = The Symantec Real Time Storage Protection x64 service failed to start
    due to the following error: %%31

    Error - 1/19/2011 3:29:54 PM | Computer Name = Mumbles2x-PC | Source = bowser | ID = 8003
    Description =

    Error - 1/20/2011 5:22:01 PM | Computer Name = Mumbles2x-PC | Source = bowser | ID = 8003
    Description =

    Error - 1/20/2011 10:10:14 PM | Computer Name = Mumbles2x-PC | Source = bowser | ID = 8003
    Description =

    Error - 1/22/2011 8:04:59 PM | Computer Name = Mumbles2x-PC | Source = bowser | ID = 8003
    Description =

    Error - 1/23/2011 10:33:13 PM | Computer Name = Mumbles2x-PC | Source = bowser | ID = 8003
    Description =


    < End of report >
     
  23. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    I will continue tomorrow. I need to sleep before I go to work. Thank you for your time today.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Sure thing :)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-1999489102-630139991-3584140911-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-1999489102-630139991-3584140911-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
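    The OTL fix above deletes ShellExecuteHooks values and a Browser Helper Object key whose CLSIDs no longer resolve to a file (the "Reg Error: Key error. File not found" lines). As an added example, not OTL's code and not posted by anyone in this thread, the following PowerShell audit lists every ShellExecuteHook and BHO still registered in both the 64-bit and the 32-bit (Wow6432Node) registry views and flags orphans the same way, so a reader can confirm after the reboot that nothing was left behind. It assumes an elevated 64-bit PowerShell on the cleaned Windows 7 machine; the function names are the example's own.

```powershell
# Added example (not OTL's code and not from this thread): enumerate Explorer
# ShellExecuteHooks and IE Browser Helper Objects in both registry views and
# flag entries whose CLSID or DLL no longer exists. Assumes an elevated 64-bit
# PowerShell on the cleaned Windows 7 machine.

function Resolve-ClsidDll {
    param([string]$Clsid, [string]$ClassesRoot)
    # An in-process COM server records its DLL in CLSID\{guid}\InprocServer32 (default value).
    $key = Join-Path $ClassesRoot "CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $raw = (Get-ItemProperty -LiteralPath $key).'(default)'
    if ([string]::IsNullOrWhiteSpace($raw)) { return $null }
    return [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
}

function New-AuditRow {
    param($View, $Type, $Clsid, $ClassesRoot)
    $dll = Resolve-ClsidDll -Clsid $Clsid -ClassesRoot $ClassesRoot
    if ($null -eq $dll) {
        $status = 'ORPHAN: CLSID not registered'     # what OTL reports as "Key error"
    } elseif (-not (Test-Path -LiteralPath $dll)) {
        $status = 'ORPHAN: DLL missing'              # what OTL reports as "File not found"
    } else {
        $status = 'present'                          # review against known-good vendors
    }
    [pscustomobject]@{ View = $View; Type = $Type; CLSID = $Clsid; DLL = $dll; Status = $status }
}

function Get-ShellHookAudit {
    # OTL shows the two views as "64bit-Registry ..." and plain "Registry ..." lines.
    $views = @(
        @{ Name = '64bit'; Software = 'HKLM:\SOFTWARE';             Classes = 'HKLM:\SOFTWARE\Classes' }
        @{ Name = '32bit'; Software = 'HKLM:\SOFTWARE\Wow6432Node'; Classes = 'HKLM:\SOFTWARE\Classes\Wow6432Node' }
    )
    foreach ($v in $views) {
        $explorer = Join-Path $v.Software 'Microsoft\Windows\CurrentVersion\Explorer'

        # ShellExecuteHooks: each hook is a VALUE whose name is the CLSID.
        $hooks = Join-Path $explorer 'ShellExecuteHooks'
        if (Test-Path -LiteralPath $hooks) {
            $names = (Get-ItemProperty -LiteralPath $hooks).PSObject.Properties.Name |
                     Where-Object { $_ -like '{*}' }
            foreach ($clsid in $names) { New-AuditRow $v.Name 'ShellExecuteHook' $clsid $v.Classes }
        }

        # Browser Helper Objects: each BHO is a SUBKEY named by its CLSID.
        $bho = Join-Path $explorer 'Browser Helper Objects'
        if (Test-Path -LiteralPath $bho) {
            foreach ($sub in Get-ChildItem -LiteralPath $bho) {
                New-AuditRow $v.Name 'BHO' $sub.PSChildName $v.Classes
            }
        }
    }
}

Get-ShellHookAudit | Sort-Object Status, View | Format-Table -AutoSize
```

    Rows marked ORPHAN are the same kind of dangling entries the fix removed; a clean machine should show none. Rows marked present still deserve a look at the DLL path and its publisher, since a live hook or BHO pointing at an unexpected location is how the redirect pop-ups described at the top of the thread get injected into the browser.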
  25. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-1999489102-630139991-3584140911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1999489102-630139991-3584140911-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1999489102-630139991-3584140911-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Mumbles2x
    ->Temp folder emptied: 8507 bytes
    ->Temporary Internet Files folder emptied: 25653865 bytes
    ->Java cache emptied: 2027 bytes
    ->Flash cache emptied: 646 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 827744 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 71936 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 25.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Mumbles2x
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02012011_073101

    Files\Folders moved on Reboot...
    C:\Users\Mumbles2x\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\windows\SysNative\TBD874C.tmp not found!

    Registry entries deleted on Reboot...
     
Topic Status:
Not open for further replies.