[Solved] Laptop redirects and some sites go into a loop then lock up

skippysays · Nov 16, 2010

hello- this forum recently helped me fix another laptop that was constantly redirecting me. This one was doing the same thing, then seemed to get better after I scanned with Malwarebytes Anti-Malware and deleted a virus. However it still seems to be acting odd - today it went into a loop on one site, saying it was trying to download ads and facebook. Can someone help? i followed the 8-steps and attached are the lots.
Thanks.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-16 21:03:41
Windows 6.1.7600
Running: 5z0v0vus.exe

---- Files - GMER 1.0.15 ----

File C:\Users\jan\AppData\Local\Temp\E510.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5129

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/16/2010 4:38:36 PM
mbam-log-2010-11-16 (16-38-36).txt

Scan type: Quick scan
Objects scanned: 142083
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/3/2010 1:33:05 PM
System Uptime: 11/16/2010 8:16:35 PM (1 hours ago)

Motherboard: TOSHIBA | | NWQAA
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU | 1991/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 453 GiB total, 411.175 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP8: 10/27/2010 7:16:13 AM - Windows Update
RP9: 10/28/2010 8:02:11 AM - Windows Update
RP10: 10/31/2010 11:44:11 AM - Removed Java(TM) 6 Update 17
RP11: 10/31/2010 11:45:31 AM - Removed Java(TM) 6 Update 17
RP12: 10/31/2010 11:46:22 AM - Removed Java(TM) 6 Update 17
RP13: 10/31/2010 11:50:11 AM - Installed Adobe Reader 9.4.0.
RP14: 10/31/2010 11:54:09 AM - Installed Java(TM) 6 Update 22
RP15: 10/31/2010 11:56:55 AM - Installed Java(TM) 6 Update 22 (64-bit)
RP16: 11/3/2010 11:19:13 AM - Windows Live Essentials
RP17: 11/3/2010 11:19:39 AM - Windows Update
RP18: 11/3/2010 11:20:05 AM - Windows Update
RP19: 11/3/2010 11:20:57 AM - Installed DirectX
RP20: 11/3/2010 11:21:16 AM - Installed DirectX
RP21: 11/3/2010 11:22:31 AM - WLSetup
RP22: 11/3/2010 7:16:07 PM - Installed iTunes
RP23: 11/5/2010 3:00:13 AM - Windows Update
RP24: 11/13/2010 9:59:30 AM - Scheduled Checkpoint
RP25: 11/13/2010 5:52:39 PM - Installed Intel(R) PROSet/Wireless WiFi Software.
RP26: 11/14/2010 8:22:35 PM - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
Apple Application Support
Apple Software Update
Call of Duty(R) 4 - Modern Warfare(TM)
Centra Client
D3DX10
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 22
JMicron Flash Media Controller Driver
Junk Mail filter update
Label@Once 1.0
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
MSVCRT_amd64
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Utility Common Driver
Veetle TV 0.9.18
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

==== Event Viewer Messages From Past Week ========

11/9/2010 10:27:40 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume TI105957W0C.
11/16/2010 8:16:50 PM, Error: Service Control Manager [7000] - The Amsp service failed to start due to the following error: The system cannot find the path specified.
11/16/2010 8:14:51 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/14/2010 4:06:18 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.4 with the system having network hardware address 00-21-6A-98-6A-10. Network operations on this system may be disrupted as a result.
11/13/2010 5:34:51 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
11/13/2010 5:27:23 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/13/2010 10:00:28 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MAC0023DFA7112C that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BDE239A3-1A37-4FBD-9A4C-3801BCA0C17F}. The master browser is stopping or an election is being forced.
11/13/2010 1:47:13 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll
11/12/2010 8:03:43 AM, Error: Service Control Manager [7000] - The McAfee Inc. mferkdk service failed to start due to the following error: The specified procedure could not be found.

==== End Of File ===========================

DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by jan at 21:11:04.06 on Tue 11/16/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.2273 [GMT -7:00]

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\jan\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://msnbc.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [ThpSrv] C:\windows\system32\thpsrv /logon
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-8-9 482384]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-18 308296]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-12-29 404992]
R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2010-10-18 359952]
R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2010-10-18 155456]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2010-10-3 56336]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-8-9 2320920]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-12-29 911360]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2009-12-22 71168]
R3 bpmp;bpmp;C:\Windows\System32\drivers\bpmp.sys [2009-12-22 174592]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2009-12-22 81920]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-9 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2010-10-18 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-18 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2010-10-18 49480]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2010-7-14 7821312]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-8-9 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-9 331880]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-8-9 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S2 Amsp;Amsp; [x]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
S3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-3 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-5-18 164464]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2010-10-18 40904]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-6 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2010-11-14 00:55:16 -------- d-----w- C:\Users\jan\Roaming
2010-11-14 00:55:16 -------- d-----w- C:\PROGRA~3\Roaming
2010-11-14 00:53:58 -------- d-----w- C:\Program Files\Common Files\Intel
2010-11-14 00:53:56 -------- d-----w- C:\Program Files (x86)\Cisco
2010-11-04 03:42:22 -------- d-----w- C:\Users\jan\AppData\Roaming\Windows Live Writer
2010-11-04 03:42:22 -------- d-----w- C:\Users\jan\AppData\Local\Windows Live Writer
2010-11-04 02:27:56 -------- d-----w- C:\Users\jan\AppData\Local\Diagnostics
2010-11-04 01:17:11 -------- d-----w- C:\Users\jan\AppData\Local\Apple Computer
2010-11-04 01:17:03 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2010-11-04 01:17:03 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2010-11-04 01:17:03 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2010-11-04 01:16:37 -------- d-----w- C:\Program Files\iTunes
2010-11-04 01:16:37 -------- d-----w- C:\Program Files\iPod
2010-11-04 01:16:37 -------- d-----w- C:\Program Files (x86)\iTunes
2010-11-04 01:16:37 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-11-04 01:15:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-11-04 01:15:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2010-11-04 01:15:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-11-04 01:15:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-11-04 01:15:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-11-04 01:15:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-11-04 01:15:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-11-04 01:15:27 -------- d-----w- C:\Users\jan\AppData\Local\Apple
2010-11-04 01:14:55 -------- d-----w- C:\Program Files\Bonjour
2010-11-04 01:14:55 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-11-03 17:26:15 -------- d-----w- C:\windows\en
2010-11-03 17:22:53 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys
2010-11-03 17:21:30 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
2010-11-03 17:21:30 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2010-11-03 17:21:30 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
2010-11-03 17:21:30 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2010-11-03 17:19:53 206848 ----a-w- C:\windows\System32\mfps.dll
2010-11-03 17:19:52 4068864 ----a-w- C:\windows\System32\mf.dll
2010-11-03 17:19:52 3181568 ----a-w- C:\windows\SysWow64\mf.dll
2010-11-03 17:19:52 257024 ----a-w- C:\windows\System32\mfreadwrite.dll
2010-11-03 17:19:52 196608 ----a-w- C:\windows\SysWow64\mfreadwrite.dll
2010-11-03 17:19:52 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL
2010-11-03 17:19:52 1619456 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2010-11-03 17:18:31 -------- d-----w- C:\Users\jan\AppData\Local\Windows Live
2010-11-03 14:49:23 -------- d-----w- C:\Users\jan\AppData\Roaming\Saba
2010-11-03 14:48:47 -------- d-----w- C:\Users\jan\AppData\Roaming\Centra
2010-11-03 14:48:47 -------- d-----w- C:\Program Files\Centra
2010-11-02 01:39:50 -------- d-----w- C:\PROGRA~3\McAfee Security Scan
2010-11-02 01:39:49 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2010-10-31 17:57:18 521448 ----a-w- C:\windows\System32\deployJava1.dll
2010-10-31 17:54:58 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2010-10-26 21:49:07 961024 ----a-w- C:\windows\System32\CPFilters.dll
2010-10-26 21:49:07 641536 ----a-w- C:\windows\SysWow64\CPFilters.dll
2010-10-26 21:49:07 552960 ----a-w- C:\windows\System32\msdri.dll
2010-10-26 21:49:06 288256 ----a-w- C:\windows\System32\MSNP.ax
2010-10-26 21:49:06 258560 ----a-w- C:\windows\System32\mpg2splt.ax
2010-10-26 21:49:06 204288 ----a-w- C:\windows\SysWow64\MSNP.ax
2010-10-26 21:49:06 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax
2010-10-26 21:48:59 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2010-10-21 13:43:50 176 ----a-w- C:\Users\jan\AppData\Roaming\42917.bat
2010-10-21 13:43:40 -------- d-----w- C:\Users\jan\AppData\Roaming\Xyge
2010-10-21 13:43:40 -------- d-----w- C:\Users\jan\AppData\Roaming\Ezcoa
2010-10-21 13:43:33 178 ----a-w- C:\Users\jan\AppData\Roaming\16311.bat
2010-10-20 23:10:27 -------- d-----w- C:\Users\jan\AppData\Local\PunkBuster
2010-10-19 22:18:42 -------- d-----w- C:\Users\jan\AppData\Local\Adobe
2010-10-19 03:45:12 -------- d-----w- C:\Users\jan\AppData\Roaming\Malwarebytes
2010-10-19 02:00:07 -------- d-----w- C:\Users\jan\AppData\Local\Best Buy pc app
2010-10-19 01:57:43 -------- d-----w- C:\Users\jan\AppData\Local\TOSHIBA_Corporation
2010-10-18 21:05:24 -------- d-----w- C:\Users\jan\AppData\Local\Google
2010-10-18 20:51:06 40904 ----a-w- C:\windows\System32\drivers\mferkdk.sys
2010-10-18 20:51:05 49480 ----a-w- C:\windows\System32\drivers\mfesmfk.sys
2010-10-18 20:51:05 308296 ----a-w- C:\windows\System32\drivers\mfehidk.sys
2010-10-18 20:51:05 102472 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
2010-10-18 20:51:04 176144 ----a-w- C:\windows\System32\drivers\Mpfp.sys
2010-10-18 20:50:51 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2010-10-18 20:50:50 -------- d-----w- C:\Program Files\McAfee
2010-10-18 20:50:49 -------- d-----w- C:\Program Files\Common Files\McAfee
2010-10-18 20:50:49 -------- d-----w- C:\Program Files (x86)\McAfee.com
2010-10-18 20:50:47 -------- d-----w- C:\Program Files (x86)\McAfee
2010-10-18 20:11:22 -------- d-----w- C:\hold

==================== Find3M ====================

2010-10-22 00:42:09 103736 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2010-10-05 16:10:16 66872 ----a-w- C:\windows\SysWow64\PnkBstrA.exe
2010-09-23 06:47:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll
2010-09-23 06:32:56 301936 ----a-w- C:\windows\WLXPGSS.SCR
2010-09-21 20:49:02 252800 ----a-w- C:\windows\System32\LIVESSP.DLL
2010-09-21 20:03:14 208768 ----a-w- C:\windows\SysWow64\LIVESSP.DLL
2010-09-10 05:35:44 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 17:17:46 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2010-09-08 17:17:46 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\windows\SysWow64\comctl32.dll

============= FINISH: 21:11:39.65 ===============

Broni · Nov 16, 2010

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

skippysays · Nov 17, 2010

Here's contents of MBRCheck log. Thanks for the help.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A665
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 204):
0x02C53000 \SystemRoot\system32\ntoskrnl.exe
0x02C0A000 \SystemRoot\system32\hal.dll
0x00BAF000 \SystemRoot\system32\kdcom.dll
0x00C74000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CB8000 \SystemRoot\system32\PSHED.dll
0x00CCC000 \SystemRoot\system32\CLFS.SYS
0x00D2A000 \SystemRoot\system32\CI.dll
0x00EC8000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F6C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F7B000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FD2000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FDB000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x00E4F000 \SystemRoot\System32\drivers\partmgr.sys
0x00E64000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E6D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E79000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E8E000 \SystemRoot\System32\drivers\mountmgr.sys
0x00EA8000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00EAF000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x010CE000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x012D6000 \SystemRoot\system32\DRIVERS\atapi.sys
0x012DF000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01309000 \SystemRoot\system32\DRIVERS\msahci.sys
0x01314000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0131F000 \SystemRoot\system32\drivers\fltmgr.sys
0x0136B000 \SystemRoot\system32\drivers\fileinfo.sys
0x01401000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0137F000 \SystemRoot\System32\Drivers\msrpc.sys
0x015A4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x015BE000 \SystemRoot\System32\drivers\pcw.sys
0x015CF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0166F000 \SystemRoot\system32\drivers\ndis.sys
0x01761000 \SystemRoot\system32\drivers\NETIO.SYS
0x017C1000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0164C000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x01815000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
0x0188F000 \SystemRoot\system32\DRIVERS\Thpevm.SYS
0x01891000 \SystemRoot\system32\DRIVERS\thpdrv.sys
0x0189D000 \SystemRoot\System32\Drivers\spldr.sys
0x018A5000 \SystemRoot\System32\drivers\rdyboost.sys
0x018DF000 \SystemRoot\System32\Drivers\mup.sys
0x018F1000 \SystemRoot\System32\drivers\hwpolicy.sys
0x018FA000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01934000 \SystemRoot\system32\DRIVERS\disk.sys
0x0194A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x04080000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x040AA000 \SystemRoot\System32\Drivers\Null.SYS
0x040B3000 \SystemRoot\System32\Drivers\Beep.SYS
0x040BA000 \SystemRoot\System32\drivers\vga.sys
0x040C8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x040ED000 \SystemRoot\System32\drivers\watchdog.sys
0x040FD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04106000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0410F000 \SystemRoot\system32\drivers\rdprefmp.sys
0x04118000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04123000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C01000 \SystemRoot\System32\drivers\tcpip.sys
0x04134000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0417E000 \SystemRoot\System32\Drivers\Mpfp.sys
0x041BB000 \SystemRoot\System32\Drivers\TDI.SYS
0x041C8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03E00000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x042B3000 \SystemRoot\system32\drivers\afd.sys
0x0433D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04382000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0438B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x043B1000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x043C7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x043D6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04200000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0x0421B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0422F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04280000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0428C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x01988000 \SystemRoot\system32\drivers\mfehidk.sys
0x04297000 \SystemRoot\System32\drivers\discache.sys
0x03E1E000 \SystemRoot\System32\Drivers\dfsc.sys
0x03E3C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x019D2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04818000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x044D6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04400000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04446000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04457000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04468000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x045CA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x01073000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x05634000 \SystemRoot\system32\DRIVERS\NETwNs64.sys
0x05DB6000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05600000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x0562F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x01651000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05DEF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05274000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x052C6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x052C8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x052D7000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x052E1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x052EE000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x05315000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x0531C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05332000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05342000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05358000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0537C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05388000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x053B7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x053D2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05200000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0521A000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0521C000 \SystemRoot\system32\DRIVERS\ks.sys
0x0525F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x045EE000 \SystemRoot\system32\DRIVERS\WDKMD.sys
0x05E64000 \SystemRoot\system32\DRIVERS\bpenum.sys
0x05E9B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05EF5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x07AD0000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x07D00000 \SystemRoot\system32\drivers\portcls.sys
0x07D3D000 \SystemRoot\system32\drivers\drmk.sys
0x07D5F000 \SystemRoot\system32\drivers\ksthunk.sys
0x07D65000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x07DAC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03E4D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x07DBA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x07DCD000 \SystemRoot\System32\drivers\Dxapi.sys
0x07DD9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07A00000 \SystemRoot\System32\Drivers\usbvideo.sys
0x07A2E000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x07A35000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00560000 \SystemRoot\System32\TSDDD.dll
0x07A43000 \SystemRoot\System32\Drivers\bpusb.sys
0x07A5D000 \SystemRoot\system32\DRIVERS\bpmp.sys
0x00700000 \SystemRoot\System32\cdd.dll
0x07A8F000 \SystemRoot\system32\drivers\luafv.sys
0x05F0A000 \SystemRoot\system32\drivers\WudfPf.sys
0x07AB2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05F2B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05F7E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05F91000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02607000 \SystemRoot\system32\drivers\HTTP.sys
0x026CF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x026ED000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02705000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02732000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02780000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x027A3000 \SystemRoot\system32\DRIVERS\tmcomm.sys
0x027C8000 \SystemRoot\system32\DRIVERS\tmevtmgr.sys
0x027D8000 \SystemRoot\system32\DRIVERS\tmactmon.sys
0x027F2000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x090F5000 \SystemRoot\system32\drivers\peauth.sys
0x0919B000 \SystemRoot\System32\Drivers\secdrv.SYS
0x091A6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x091D3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x09000000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0987F000 \SystemRoot\System32\DRIVERS\srv.sys
0x09915000 \SystemRoot\system32\drivers\mfeavfk.sys
0x099A9000 \SystemRoot\system32\drivers\mfesmfk.sys
0x099B4000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x776E0000 \Windows\System32\ntdll.dll
0x48030000 \Windows\System32\smss.exe
0xFFA00000 \Windows\System32\apisetschema.dll
0xFFBB0000 \Windows\System32\autochk.exe
0xFF8E0000 \Windows\System32\msctf.dll
0xFF8C0000 \Windows\System32\sechost.dll
0xFF790000 \Windows\System32\wininet.dll
0xFF760000 \Windows\System32\imm32.dll
0xFF690000 \Windows\System32\usp10.dll
0xFF680000 \Windows\System32\lpk.dll
0xFF630000 \Windows\System32\ws2_32.dll
0x775E0000 \Windows\System32\user32.dll
0xFF450000 \Windows\System32\setupapi.dll
0xFF430000 \Windows\System32\imagehlp.dll
0xFE6A0000 \Windows\System32\shell32.dll
0xFE5C0000 \Windows\System32\oleaut32.dll
0x774C0000 \Windows\System32\kernel32.dll
0xFE440000 \Windows\System32\urlmon.dll
0xFE3D0000 \Windows\System32\gdi32.dll
0xFE3C0000 \Windows\System32\nsi.dll
0xFE290000 \Windows\System32\rpcrt4.dll
0xFE240000 \Windows\System32\Wldap32.dll
0xFE1C0000 \Windows\System32\difxapi.dll
0xFDFB0000 \Windows\System32\ole32.dll
0x778B0000 \Windows\System32\normaliz.dll
0xFDF10000 \Windows\System32\comdlg32.dll
0x778A0000 \Windows\System32\psapi.dll
0xFDE90000 \Windows\System32\shlwapi.dll
0xFDDF0000 \Windows\System32\msvcrt.dll
0xFDD10000 \Windows\System32\advapi32.dll
0xFDAB0000 \Windows\System32\iertutil.dll
0xFDA10000 \Windows\System32\clbcatq.dll
0xFD970000 \Windows\System32\comctl32.dll
0xFD930000 \Windows\System32\cfgmgr32.dll
0xFD910000 \Windows\System32\devobj.dll
0xFD8D0000 \Windows\System32\wintrust.dll
0xFD760000 \Windows\System32\crypt32.dll
0xFD6F0000 \Windows\System32\KernelBase.dll
0xFD6E0000 \Windows\System32\msasn1.dll

Processes (total 100):
0 System Idle Process
4 System
336 C:\Windows\System32\smss.exe
476 csrss.exe
564 C:\Windows\System32\wininit.exe
592 csrss.exe
624 C:\Windows\System32\services.exe
648 C:\Windows\System32\lsass.exe
656 C:\Windows\System32\lsm.exe
764 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
392 C:\Windows\System32\svchost.exe
532 C:\Windows\System32\winlogon.exe
1032 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\wlanext.exe
1128 C:\Windows\System32\conhost.exe
1252 C:\Windows\System32\spoolsv.exe
1280 C:\Windows\System32\svchost.exe
1488 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1568 C:\Windows\System32\taskhost.exe
1620 C:\Windows\System32\dwm.exe
1716 C:\Windows\explorer.exe
1904 C:\Windows\System32\igfxtray.exe
1936 C:\Windows\System32\hkcmd.exe
1944 C:\Windows\System32\igfxpers.exe
2020 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1384 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1584 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1820 C:\Windows\System32\ThpSrv.exe
2052 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2084 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
2092 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
2168 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2220 C:\Windows\System32\svchost.exe
2248 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
2428 C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
2496 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
2564 C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
2580 C:\Program Files\TOSHIBA\TECO\Teco.exe
2740 C:\Windows\SysWOW64\PnkBstrA.exe
2788 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2812 C:\Windows\System32\svchost.exe
2840 C:\Windows\System32\ThpSrv.exe
2864 C:\Windows\System32\TODDSrv.exe
2972 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
3008 C:\Program Files\TOSHIBA\TECO\TecoService.exe
1216 C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
1212 C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
1972 C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
3080 C:\Windows\System32\igfxext.exe
3112 C:\Windows\System32\igfxsrvc.exe
3128 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3200 C:\Windows\System32\SearchIndexer.exe
3240 C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
3260 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
3492 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
3500 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
3516 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
3560 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
3660 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
4076 unsecapp.exe
3724 WmiPrvSE.exe
3836 C:\Windows\System32\wbem\unsecapp.exe
4560 C:\Windows\System32\svchost.exe
4860 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4880 C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
4944 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
4984 C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
4992 C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
5036 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
5052 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4772 C:\Program Files\Windows Media Player\wmpnetwk.exe
3552 C:\Windows\System32\svchost.exe
5320 C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
5700 C:\Program Files\iPod\bin\iPodService.exe
5144 dllhost.exe
6072 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
5404 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
5820 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
5196 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
4956 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
5172 C:\PROGRA~2\COMMON~1\McAfee\MNA\McNASvc.exe
5232 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
2440 C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
4476 C:\PROGRA~2\INTERN~1\iexplore.exe
4664 C:\PROGRA~2\INTERN~1\iexplore.exe
5580 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
5468 C:\PROGRA~2\INTERN~1\iexplore.exe
856 C:\Windows\System32\taskeng.exe
5104 C:\Windows\System32\audiodg.exe
7104 C:\Windows\System32\SearchProtocolHost.exe
7124 C:\Windows\System32\SearchFilterHost.exe
6704 dllhost.exe
6644 dllhost.exe
692 C:\Users\jan\Desktop\MBRCheck.exe
1100 C:\Windows\System32\conhost.exe
5632 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0001TSM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61

Done!

Broni · Nov 17, 2010

Looks good

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

skippysays · Nov 17, 2010

Here is the Extras.txt. Will post the other one next.

OTL Extras logfile created on: 11/16/2010 10:20:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\jan\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.15 Gb Total Space | 411.17 Gb Free Space | 90.74% Space Free | Partition Type: NTFS

Computer Name: JAY-PC | User Name: jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi Software
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CentraClient" = Centra Client
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"MSC" = McAfee SecurityCenter
"Veetle TV" = Veetle TV 0.9.18
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2010 4:49:18 PM | Computer Name = Jay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2574

Error - 11/14/2010 4:49:20 PM | Computer Name = Jay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/14/2010 4:49:20 PM | Computer Name = Jay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3869

Error - 11/14/2010 4:49:20 PM | Computer Name = Jay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3869

Error - 11/14/2010 8:48:15 PM | Computer Name = Jay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/14/2010 8:48:15 PM | Computer Name = Jay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1139

Error - 11/14/2010 8:48:15 PM | Computer Name = Jay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1139

Error - 11/14/2010 8:48:16 PM | Computer Name = Jay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/14/2010 8:48:16 PM | Computer Name = Jay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2153

Error - 11/14/2010 8:48:16 PM | Computer Name = Jay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2153

[ System Events ]
Error - 11/7/2010 12:32:22 PM | Computer Name = Jay-PC | Source = bowser | ID = 8003
Description =

Error - 11/10/2010 1:26:22 AM | Computer Name = Jay-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume TI105957W0C.

Error - 11/10/2010 1:27:40 AM | Computer Name = Jay-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume TI105957W0C.

Error - 11/10/2010 1:27:40 AM | Computer Name = Jay-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume TI105957W0C.

Error - 11/10/2010 1:35:34 AM | Computer Name = Jay-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:29:52 PM on ?11/?9/?2010 was unexpected.

Error - 11/10/2010 1:35:36 AM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7000
Description = The Amsp service failed to start due to the following error: %%3

Error - 11/10/2010 10:16:26 AM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7000
Description = The Amsp service failed to start due to the following error: %%3

Error - 11/10/2010 4:35:34 PM | Computer Name = Jay-PC | Source = bowser | ID = 8003
Description =

Error - 11/12/2010 11:03:43 AM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Inc. mferkdk service failed to start due to the following
error: %%127

Error - 11/12/2010 12:20:08 PM | Computer Name = Jay-PC | Source = bowser | ID = 8003
Description =

< End of report >

skippysays · Nov 17, 2010

OTL.txt first half. (complete file had too many characters):

OTL logfile created on: 11/16/2010 10:20:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\jan\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.15 Gb Total Space | 411.17 Gb Free Space | 90.74% Space Free | Partition Type: NTFS

Computer Name: JAY-PC | User Name: jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/16 22:19:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
PRC - [2010/11/14 20:19:26 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/10/05 09:10:16 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/10 05:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2010/03/17 13:03:08 | 000,252,728 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
PRC - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/02/17 14:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe

========== Modules (SafeList) ==========

MOD - [2010/11/16 22:19:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/19 18:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/07/19 17:48:36 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/07/19 17:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/04/06 14:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/24 12:16:08 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/02/23 17:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/17 15:45:16 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/12/29 12:07:54 | 000,911,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2009/12/29 12:02:46 | 000,404,992 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2009/11/05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/10/21 09:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/05 09:10:16 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/02/17 14:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/15 14:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2010/07/14 04:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/06/18 10:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/05/31 12:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/05/18 16:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/05/08 18:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/05/03 14:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/21 11:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/17 15:52:42 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/02/17 15:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/17 15:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 15:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2010/02/07 18:57:18 | 000,066,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010/02/07 18:57:14 | 000,056,336 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010/02/07 18:57:10 | 000,135,696 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010/02/03 06:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/01/15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/22 21:37:22 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2009/12/22 21:37:16 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2009/12/22 21:37:14 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2009/11/23 03:42:52 | 000,100,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/10/09 19:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSND&bmod=TSND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msnbc.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: aux - File not found
Drivers32:64bit: aux1 - File not found
Drivers32:64bit: midi - File not found
Drivers32:64bit: midi1 - File not found
Drivers32:64bit: midimapper - File not found
Drivers32:64bit: mixer - File not found
Drivers32:64bit: mixer1 - File not found
Drivers32:64bit: msacm.imaadpcm - File not found
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - File not found
Drivers32:64bit: msacm.msg711 - File not found
Drivers32:64bit: msacm.msgsm610 - File not found
Drivers32:64bit: MSVideo8 - File not found
Drivers32:64bit: vidc.i420 - File not found
Drivers32:64bit: VIDC.IYUV - File not found
Drivers32:64bit: vidc.mrle - File not found
Drivers32:64bit: vidc.msvc - File not found
Drivers32:64bit: VIDC.UYVY - File not found
Drivers32:64bit: VIDC.YUY2 - File not found
Drivers32:64bit: VIDC.YVU9 - File not found
Drivers32:64bit: VIDC.YVYU - File not found
Drivers32:64bit: wave - File not found
Drivers32:64bit: wave1 - File not found
Drivers32:64bit: wavemapper - File not found
Drivers32: aux - wdmaud.drv File not found
Drivers32: aux1 - wdmaud.drv File not found
Drivers32: midi - wdmaud.drv File not found
Drivers32: midi1 - wdmaud.drv File not found
Drivers32: midimapper - midimap.dll File not found
Drivers32: mixer - wdmaud.drv File not found
Drivers32: mixer1 - wdmaud.drv File not found
Drivers32: msacm.imaadpcm - imaadp32.acm File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm File not found
Drivers32: msacm.msg711 - msg711.acm File not found
Drivers32: msacm.msgsm610 - msgsm32.acm File not found
Drivers32: msacm.siren - sirenacm.dll File not found
Drivers32: vidc.cvid - iccvid.dll File not found
Drivers32: vidc.i420 - iyuv_32.dll File not found
Drivers32: vidc.iyuv - iyuv_32.dll File not found
Drivers32: vidc.mrle - msrle32.dll File not found
Drivers32: vidc.msvc - msvidc32.dll File not found
Drivers32: vidc.uyvy - msyuv.dll File not found
Drivers32: vidc.yuy2 - msyuv.dll File not found
Drivers32: vidc.yvu9 - tsbyuv.dll File not found
Drivers32: vidc.yvyu - msyuv.dll File not found
Drivers32: wave - wdmaud.drv File not found
Drivers32: wave1 - wdmaud.drv File not found
Drivers32: wavemapper - msacm32.drv File not found

skippysays · Nov 17, 2010

OTL.txt 2nd half:

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 22:19:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
[2010/11/16 20:14:03 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\jan\Desktop\TFC.exe
[2010/11/13 18:54:42 | 006,565,383 | ---- | C] (McAfee Inc.) -- C:\Users\jan\Desktop\stinger10101096.exe
[2010/11/13 17:55:16 | 000,000,000 | ---D | C] -- C:\Users\jan\Roaming
[2010/11/13 17:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2010/11/13 17:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2010/11/13 17:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/11/13 17:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2010/11/13 17:53:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/03 20:42:22 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Windows Live Writer
[2010/11/03 20:42:22 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Windows Live Writer
[2010/11/03 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Diagnostics
[2010/11/03 18:17:11 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Apple Computer
[2010/11/03 18:17:11 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Apple Computer
[2010/11/03 18:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/03 18:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/03 18:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/03 18:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/11/03 18:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/11/03 18:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/11/03 18:15:27 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Apple
[2010/11/03 18:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/11/03 18:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/11/03 18:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/03 18:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/11/03 18:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/11/03 18:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/11/03 10:26:15 | 000,000,000 | ---D | C] -- C:\windows\en
[2010/11/03 10:22:53 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2010/11/03 10:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/11/03 10:18:31 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Windows Live
[2010/11/03 07:49:23 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Saba
[2010/11/03 07:48:47 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Centra
[2010/11/03 07:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Centra
[2010/11/01 18:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/11/01 18:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/10/31 10:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/31 10:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/31 10:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/31 10:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/10/31 10:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/21 06:43:40 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Xyge
[2010/10/21 06:43:40 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Ezcoa
[2010/10/20 16:10:27 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\PunkBuster
[2010/10/19 15:18:42 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Adobe
[2010/10/18 20:45:12 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Malwarebytes
[2010/10/18 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Best Buy pc app
[2010/10/18 18:57:43 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\TOSHIBA_Corporation
[2010/10/18 18:49:57 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Macromedia
[2010/10/18 18:48:36 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Adobe
[2010/10/18 14:19:55 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Toshiba
[2010/10/18 14:05:24 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Google
[2010/10/18 14:05:24 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Google
[2010/10/18 14:04:56 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Intel
[2010/10/18 14:04:56 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Apps
[2010/10/18 14:04:55 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Deployment
[2010/10/18 14:04:40 | 000,000,000 | R--D | C] -- C:\Users\jan\Searches
[2010/10/18 14:04:40 | 000,000,000 | -H-D | C] -- C:\Users\jan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/10/18 14:04:32 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Identities
[2010/10/18 14:04:30 | 000,000,000 | R--D | C] -- C:\Users\jan\Contacts
[2010/10/18 14:04:28 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\VirtualStore
[2010/10/18 14:04:25 | 000,000,000 | --SD | C] -- C:\Users\jan\AppData\Roaming\Microsoft
[2010/10/18 14:04:25 | 000,000,000 | R--D | C] -- C:\Users\jan\Saved Games
[2010/10/18 14:04:25 | 000,000,000 | R--D | C] -- C:\Users\jan\Music
[2010/10/18 14:04:25 | 000,000,000 | R--D | C] -- C:\Users\jan\Links
[2010/10/18 14:04:25 | 000,000,000 | R--D | C] -- C:\Users\jan\Favorites
[2010/10/18 14:04:25 | 000,000,000 | R--D | C] -- C:\Users\jan\Downloads
[2010/10/18 14:04:25 | 000,000,000 | R--D | C] -- C:\Users\jan\My Documents
[2010/10/18 14:04:25 | 000,000,000 | R--D | C] -- C:\Users\jan\Desktop
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\AppData\Local\Temporary Internet Files
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\Templates
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\Start Menu
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\SendTo
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\Recent
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\PrintHood
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\NetHood
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\Documents\My Videos
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\Documents\My Pictures
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\Documents\My Music
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\My Documents
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\Local Settings
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\AppData\Local\History
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\Cookies
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\Application Data
[2010/10/18 14:04:25 | 000,000,000 | -HSD | C] -- C:\Users\jan\AppData\Local\Application Data
[2010/10/18 14:04:25 | 000,000,000 | -H-D | C] -- C:\Users\jan\AppData
[2010/10/18 14:04:25 | 000,000,000 | ---D | C] -- C:\Users\jan\Videos
[2010/10/18 14:04:25 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Temp
[2010/10/18 14:04:25 | 000,000,000 | ---D | C] -- C:\Users\jan\Pictures
[2010/10/18 14:04:25 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Local\Microsoft
[2010/10/18 14:04:25 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Media Center Programs
[2010/10/18 13:51:06 | 000,040,904 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mferkdk.sys
[2010/10/18 13:51:05 | 000,308,296 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfehidk.sys
[2010/10/18 13:51:05 | 000,102,472 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfeavfk.sys
[2010/10/18 13:51:05 | 000,049,480 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfesmfk.sys
[2010/10/18 13:51:04 | 000,176,144 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\Mpfp.sys
[2010/10/18 13:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2010/10/18 13:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/10/18 13:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2010/10/18 13:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/10/18 13:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2010/10/18 13:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/18 13:11:22 | 000,000,000 | ---D | C] -- C:\hold

========== Files - Modified Within 30 Days ==========

[2010/11/16 22:19:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
[2010/11/16 22:03:58 | 000,080,384 | ---- | M] () -- C:\Users\jan\Desktop\MBRCheck.exe
[2010/11/16 22:02:32 | 000,015,851 | ---- | M] () -- C:\windows\SysNative\Config.MPF
[2010/11/16 22:02:03 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/16 22:02:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/11/16 21:10:05 | 000,630,272 | ---- | M] () -- C:\Users\jan\Desktop\dds.scr
[2010/11/16 20:24:14 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/16 20:24:14 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/16 20:21:34 | 000,728,568 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2010/11/16 20:21:34 | 000,626,354 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2010/11/16 20:21:34 | 000,107,184 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2010/11/16 20:21:06 | 000,296,448 | ---- | M] () -- C:\Users\jan\Desktop\5z0v0vus.exe
[2010/11/16 20:16:52 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/16 20:16:44 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/16 20:14:09 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\TFC.exe
[2010/11/15 07:49:17 | 000,000,336 | ---- | M] () -- C:\windows\tasks\McDefragTask.job
[2010/11/13 19:39:01 | 000,000,017 | ---- | M] () -- C:\Users\jan\Desktop\stinger10101096.opt
[2010/11/13 18:54:47 | 006,565,383 | ---- | M] (McAfee Inc.) -- C:\Users\jan\Desktop\stinger10101096.exe
[2010/11/13 17:34:50 | 000,000,436 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2010/11/12 12:18:14 | 000,033,647 | ---- | M] () -- C:\Users\jan\Documents\Woodworkers Source Invoice.htm
[2010/11/03 18:49:56 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/11/03 18:17:04 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/03 18:15:55 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/03 10:13:23 | 000,188,958 | ---- | M] () -- C:\Users\jan\Documents\Abba American Funds 401K.pdf
[2010/11/01 06:57:08 | 000,000,328 | ---- | M] () -- C:\windows\tasks\McQcTask.job
[2010/10/31 10:50:36 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/21 17:46:20 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/21 17:42:09 | 000,103,736 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2010/10/21 06:43:50 | 000,000,176 | ---- | M] () -- C:\Users\jan\AppData\Roaming\42917.bat
[2010/10/21 06:43:33 | 000,000,178 | ---- | M] () -- C:\Users\jan\AppData\Roaming\16311.bat
[2010/10/18 14:05:23 | 000,001,444 | ---- | M] () -- C:\Users\jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/18 13:48:25 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2010/11/16 22:03:52 | 000,080,384 | ---- | C] () -- C:\Users\jan\Desktop\MBRCheck.exe
[2010/11/16 21:09:58 | 000,630,272 | ---- | C] () -- C:\Users\jan\Desktop\dds.scr
[2010/11/16 20:21:02 | 000,296,448 | ---- | C] () -- C:\Users\jan\Desktop\5z0v0vus.exe
[2010/11/13 19:39:01 | 000,000,017 | ---- | C] () -- C:\Users\jan\Desktop\stinger10101096.opt
[2010/11/12 12:18:13 | 000,033,647 | ---- | C] () -- C:\Users\jan\Documents\Woodworkers Source Invoice.htm
[2010/11/03 18:17:04 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/03 18:15:55 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/03 10:13:23 | 000,188,958 | ---- | C] () -- C:\Users\jan\Documents\Abba American Funds 401K.pdf
[2010/11/01 18:39:50 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/31 10:50:36 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/21 17:46:20 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/21 06:43:50 | 000,000,176 | ---- | C] () -- C:\Users\jan\AppData\Roaming\42917.bat
[2010/10/21 06:43:33 | 000,000,178 | ---- | C] () -- C:\Users\jan\AppData\Roaming\16311.bat
[2010/10/18 14:05:23 | 000,001,444 | ---- | C] () -- C:\Users\jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/18 14:04:25 | 000,000,290 | ---- | C] () -- C:\Users\jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/18 14:04:25 | 000,000,272 | ---- | C] () -- C:\Users\jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/18 13:53:21 | 000,015,851 | ---- | C] () -- C:\windows\SysNative\Config.MPF
[2010/10/18 13:50:58 | 000,000,336 | ---- | C] () -- C:\windows\tasks\McDefragTask.job
[2010/10/18 13:50:55 | 000,000,328 | ---- | C] () -- C:\windows\tasks\McQcTask.job
[2010/10/18 13:48:25 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/03 20:27:57 | 000,000,331 | ---- | C] () -- C:\windows\game.ini
[2010/04/21 10:22:50 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/04/21 10:22:50 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/04/28 04:37:00 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2010/11/03 08:03:03 | 000,000,000 | ---D | M] -- C:\Users\jan\AppData\Roaming\Centra
[2010/10/21 06:43:43 | 000,000,000 | ---D | M] -- C:\Users\jan\AppData\Roaming\Ezcoa
[2010/11/03 07:49:23 | 000,000,000 | ---D | M] -- C:\Users\jan\AppData\Roaming\Saba
[2010/10/18 14:19:55 | 000,000,000 | ---D | M] -- C:\Users\jan\AppData\Roaming\Toshiba
[2010/11/03 20:42:22 | 000,000,000 | ---D | M] -- C:\Users\jan\AppData\Roaming\Windows Live Writer
[2010/11/06 08:51:01 | 000,000,000 | ---D | M] -- C:\Users\jan\AppData\Roaming\Xyge
[2010/11/15 07:49:17 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/11/01 06:57:08 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/07/13 22:08:49 | 000,012,732 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/07/29 18:55:17 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/11/16 20:16:44 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/16 20:16:45 | 4079,665,152 | -HS- | M] () -- C:\pagefile.sys
[2010/11/15 13:15:51 | 000,065,450 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_15.11.2010_13.15.28_log.txt
[2010/11/15 13:16:57 | 000,065,450 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_15.11.2010_13.16.21_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/10/18 14:05:23 | 000,000,221 | -HS- | M] () -- C:\Users\jan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/16 20:21:06 | 000,296,448 | ---- | M] () -- C:\Users\jan\Desktop\5z0v0vus.exe
[2010/11/16 22:03:58 | 000,080,384 | ---- | M] () -- C:\Users\jan\Desktop\MBRCheck.exe
[2010/11/16 22:19:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
[2010/11/13 18:54:47 | 006,565,383 | ---- | M] (McAfee Inc.) -- C:\Users\jan\Desktop\stinger10101096.exe
[2010/11/16 20:14:09 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/18 14:04:46 | 000,000,402 | -HS- | M] () -- C:\Users\jan\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

Broni · Nov 17, 2010

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O4:64bit: - HKLM..\Run: [] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
How is redirection now?

skippysays · Nov 17, 2010

Here's the log. So far it seems better. was able to get to that site and not go into an endless loop!

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jan
->Temp folder emptied: 537604 bytes
->Temporary Internet Files folder emptied: 17973581 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 723 bytes

User: Jay

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 310715 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: jan
->Flash cache emptied: 0 bytes

User: Jay

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11162010_225734

Files\Folders moved on Reboot...
C:\Users\jan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\jan\AppData\Local\Temp\~DF138CA58A15A74462.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DF687A8823F5125EDB.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DF91AA763C80E964FC.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DFA69909927D6519B7.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DFEAB454DBEF360818.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DFEB6730B5DE05B99D.TMP not found!
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRCMH2UD\01[1].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRCMH2UD\01[2].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRCMH2UD\crosspixel-dest[1].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRCMH2UD\data_sync[1].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRCMH2UD\data_sync[2].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRCMH2UD\sh27[1].html moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXCGCHXD\180x150s[1].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXCGCHXD\180x150s[2].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXCGCHXD\2384521723[1].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXCGCHXD\iframe3[1].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXCGCHXD\iframe3[2].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXCGCHXD\iframe3[3].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXCGCHXD\iframe3[4].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXCGCHXD\st[1] moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXCGCHXD\st[2] moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXCGCHXD\st[3] moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LXCGCHXD\st[4] moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FMMG4UZR\data_sync[1].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FMMG4UZR\st[1] moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FMMG4UZR\welcome[2].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0J3SMRUP\aceUAC[1].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0J3SMRUP\iframe3[1].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0J3SMRUP\iframe3[2].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0J3SMRUP\md[1].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0J3SMRUP\st[1] moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0J3SMRUP\topic156709[1].html moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\windows\temp\mcafee_rofUKDfPXFjZPfa not found!
File\Folder C:\windows\temp\mcmsc_03zvwe0wN2ypqeL not found!
File\Folder C:\windows\temp\mcmsc_AFJAB6hibwIh366 not found!
File\Folder C:\windows\temp\mcmsc_c3sdgprxbVl3gtK not found!
File\Folder C:\windows\temp\mcmsc_Qk5Y1QOfbbaXBqK not found!

Registry entries deleted on Reboot...

Broni · Nov 17, 2010

Very good

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

IMPORTANT! UN-check Remove found threats

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, push List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

skippysays · Nov 17, 2010

Ran TFC and ESET online scanner - reported no infected files.
I can't download SecurityCheck.exe. McAfee reports it as a Trojan Generic.dx!ujs

Broni · Nov 17, 2010

Disable McAfee and download it.

skippysays · Nov 18, 2010

Got SecurityCheck.exe downloaded and ran it, but once done the window closes and I can't find a file called checkup.txt

Broni · Nov 18, 2010

Re-run it. Make sure McAfee is disabled.

skippysays · Nov 18, 2010

Same thing - window disappears after it runs with no log saved that I can find. Had to uninstall McAfee rather than disable cause it was giving me a blank screen when I open it up to disable - not sure why, this is the first time I've seen this. Downloaded SecrutiyCheck program twice, ran it several times. Still no log saved.

Broni · Nov 18, 2010

Go ahead with next steps.

skippysays · Nov 18, 2010

TFC ran and computer rebooted. Also ran ESET online scanner - it found no threats so no log produced. Have been doing a lot of internet surfing today and no unusual behavior or redirects have been happening. (BTW Windows 7 is not compatible w/IE9 beta for now, that's what was causing the blank Mcafee window).

Broni · Nov 18, 2010

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

skippysays · Nov 18, 2010

final log attached. Thank you so much for your help. I thought this brand new laptop was a goner.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jan
->Temp folder emptied: 791738 bytes
->Temporary Internet Files folder emptied: 22047992 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 793 bytes

User: Jay

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71927 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 22.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: jan
->Flash cache emptied: 0 bytes

User: Jay

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.17.3 log created on 11182010_213649

Files\Folders moved on Reboot...
C:\Users\jan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\jan\AppData\Local\Temp\~DF1B269A30F7D48720.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DF4CD03553E5DB4A44.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DF699C06624974FA01.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DF7F322E90850EB677.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DF950D7902BD4D5DC7.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DFB13C8E4266AD961D.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DFBDA1F93AB98D9D25.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DFC1894B3E331933D5.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DFDE3A57F8B9C70DC2.TMP not found!
File\Folder C:\Users\jan\AppData\Local\Temp\~DFE79F91E4B828D5C5.TMP not found!
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F3CT6JWT\crosspixel-dest[1].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F2ZGS07C\topic156709[2].html moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C6ARZM1D\sh28[1].htm moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\windows\temp\mcafee_55KDJzq9lpcBEPr not found!
File\Folder C:\windows\temp\mcmsc_2Xb4hEQKKrWNl2Y not found!
File\Folder C:\windows\temp\mcmsc_dL4fwYALDZK4Tcj not found!
File\Folder C:\windows\temp\mcmsc_ifxfDHjcckWT86g not found!
File\Folder C:\windows\temp\mcmsc_t58ImefFXqkWzde not found!

Registry entries deleted on Reboot...

Broni · Nov 18, 2010

Way to go!!
Good luck and stay safe

TechSpot

[Solved] Laptop redirects and some sites go into a loop then lock up

skippysays Newcomer, in training

Broni Malware Annihilator

skippysays Newcomer, in training

Broni Malware Annihilator

skippysays Newcomer, in training

skippysays Newcomer, in training

skippysays Newcomer, in training

Broni Malware Annihilator

skippysays Newcomer, in training

Broni Malware Annihilator

skippysays Newcomer, in training

Broni Malware Annihilator

skippysays Newcomer, in training

Broni Malware Annihilator

skippysays Newcomer, in training

Broni Malware Annihilator

skippysays Newcomer, in training

Broni Malware Annihilator

skippysays Newcomer, in training

Broni Malware Annihilator