TechSpot

Stubborn Google redirect virus

Solved
By jeffh301
Sep 9, 2011
  1. Hi, I am new here. It looks like I am one of the many people who have been infected with the Google redirect virus/malware. I have tried almost everything to get rid of the virus to no avail. I checked the LAN settings and DNS settings, but these looked fine. I found unusual text in the Windows hosts file and deleted that, but the problem was not fixed. I also downloaded Rkill and TDSSKiller, but these did nothing. I then downloaded around six other malware programs. These found some things that my antivirus did not, but I still have the same problem.

    Jeff Henderson
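The hosts-file check the poster describes, as an added example (not code from the thread or from any of the tools named in it): it parses a Windows hosts file and flags the two things this malware family typically leaves there, search engines mapped to a foreign address and vendor/update domains nulled to loopback. The sample file, the 203.0.113.7 address (a documentation range) and the domain lists are constructed for the example; anything that is not the localhost default is reported so nothing is silently ignored.

```python
import ipaddress

# Constructed sample of a Windows hosts file (%SystemRoot%\System32\drivers\etc\hosts).
# The first two mappings are the normal Vista defaults; the rest imitate what
# redirect malware appends. 203.0.113.7 is a documentation address, not a real host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com
203.0.113.7     google.com   # search traffic sent to the attacker's box
127.0.0.1       www.malwarebytes.org
127.0.0.1       liveupdate.symantecliveupdate.com
"""

# Domains whose redirection or local blocking is the classic sign of this family
# (assumed lists for the example; extend for the vendors installed on the box).
SEARCH_DOMAINS = ("google.com", "bing.com", "yahoo.com")
SECURITY_DOMAINS = ("malwarebytes.org", "symantec.com", "symantecliveupdate.com",
                    "microsoft.com", "windowsupdate.com", "emsisoft.com")


def parse_hosts(text):
    """Return (ip_address, hostname) pairs; comments and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((ip, name.lower()))
    return entries


def _in(name, domains):
    return any(name == d or name.endswith("." + d) for d in domains)


def audit_hosts(text):
    """Classify every non-default mapping.

    REDIRECT        a search engine pointed at a non-loopback address
    BLOCKED_UPDATE  a vendor/update domain nulled to loopback or 0.0.0.0
    REVIEW          anything else that is not the localhost default
    """
    findings = []
    for ip, name in parse_hosts(text):
        if name == "localhost" and ip.is_loopback:
            continue
        if _in(name, SEARCH_DOMAINS) and not ip.is_loopback:
            findings.append(("REDIRECT", name, str(ip)))
        elif _in(name, SECURITY_DOMAINS) and (ip.is_loopback or ip.is_unspecified):
            findings.append(("BLOCKED_UPDATE", name, str(ip)))
        else:
            findings.append(("REVIEW", name, str(ip)))
    return findings


def audit_hosts_file(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Run the audit against a real hosts file (read-only; nothing is modified)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for kind, host, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"{kind:15} {host:40} -> {ip}")
```

A clean hosts file yields no findings at all. Note that a clean hosts file does not clear the box: the same redirect can come from changed DNS servers, a proxy set in the LAN settings, or a driver hooking the TCP/IP stack, none of which this check sees.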
  2. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. jeffh301

    jeffh301 TS Rookie Topic Starter

    Log Files

    I followed all of the instructions. I did have trouble disabling Spybot TeaTimer during the GMER scan, as it said that I do not have administrator privileges to make those changes (even though I was logged on as the administrator). My log files are pasted below:



    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7707

    Windows 6.0.6000
    Internet Explorer 7.0.6000.17037

    9/12/2011 9:58:32 PM
    mbam-log-2011-09-12 (21-58-32).txt

    Scan type: Quick scan
    Objects scanned: 177075
    Time elapsed: 8 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-12 22:46:03
    Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC7DP
    Running: w8nbom0w.exe; Driver: C:\Users\Nida\AppData\Local\Temp\pwldqpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6000.17037
    Run by Nida at 23:06:04 on 2011-09-12
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1013.311 [GMT -7:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe
    C:\Toshiba\IVP\ISM\pinger.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\ShadowExplorer\sesvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\5.1.0.29\ips\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\5.1.0.29\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [TOSCDSPD] TOSCDSPD.EXE
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [SiteAdvisor] "c:\program files\siteadvisor\6261\SiteAdv.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\nida\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{5CF63800-A8B9-4061-BFD6-E01C4FF176F2} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{AFDB5A4C-C0BE-4C6D-AAA5-22EE689DA374} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-6-11 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-6-11 744568]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110901.001\BHDrvx86.sys [2011-9-1 815736]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110912.030\IDSvix86.sys [2011-9-12 368248]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-6-11 136312]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-6-11 331384]
    R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-8-26 3029208]
    R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\5.1.0.29\ccSvcHst.exe [2011-6-11 130008]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-26 1153368]
    R2 sesvc;ShadowExplorer Service;c:\program files\shadowexplorer\sesvc.exe [2010-11-5 9216]
    R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-8-26 73728]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-10 105592]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-2-28 7168]
    R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-8-25 23624]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-2-28 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
    .
    =============== Created Last 30 ================
    .
    2011-09-13 04:47:51 -------- d-----w- c:\users\nida\appdata\roaming\Malwarebytes
    2011-09-13 04:47:29 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-13 04:47:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-13 04:47:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-27 18:27:22 -------- d-----w- c:\users\nida\appdata\roaming\Systweak
    2011-08-27 18:27:16 17280 ----a-w- c:\windows\system32\roboot.exe
    2011-08-26 22:15:55 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-08-26 20:18:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-08-26 20:18:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-08-26 06:30:08 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-08-26 06:30:04 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-08-26 06:28:49 -------- d-----w- c:\programdata\Hitman Pro
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 23:07:40.13 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/24/2007 1:36:26 AM
    System Uptime: 9/8/2011 2:44:08 PM (105 hours ago)
    .
    Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRB
    Processor: Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz | U2E1 | 800/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 148 GiB total, 107.001 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Reader 7.0
    Adobe Shockwave Player
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    AutoUpdate
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blasterball 3
    Bluetooth Stack for Windows by Toshiba
    Camera Assistant Software for Toshiba
    CD/DVD Drive Acoustic Silencer
    Chuzzle Deluxe
    Coupon Printer for Windows
    Desktop Dialer
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DVD MovieFactory for TOSHIBA
    EA.com Matchup
    Emsisoft Anti-Malware 5.1
    EuroTalk Talk Now Plus!
    FATE
    FIFA 2002
    FLV Player 2.0, build 23
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    GSpot Codec Information Appliance
    Hitman Pro 3.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Internet Offers
    Java(TM) SE Runtime Environment 6
    JEOPARDY
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Marvell Miniport Driver
    Microsoft .NET Framework 3.5 SP1
    Microsoft Combat Flight Simulator 3.1
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Works
    Microsoft XML Parser
    Move Media Player
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NHL 2000
    Norton 360 Premier Edition
    Penguins!
    Polar Bowler
    Polar Golfer
    Product Key Explorer 1.9.6
    Quicken 2007
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    SCRABBLE
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Encoder (KB954156)
    ShadowExplorer 0.7
    Spybot - Search & Destroy
    Symantec Technical Support Web Controls
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Game Console
    TOSHIBA Hardware Setup
    TOSHIBA Media Center Game Console
    Toshiba Registration
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TurboTax 2008
    TurboTax 2008 wcaiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 wcaiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 wcaiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax Home & Business 2007
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    Windows Media Encoder 9 Series
    WinDVD for TOSHIBA
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/9/2011 1:47:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
    9/8/2011 9:17:59 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.11 for the Network Card with network address 0019D28F33F1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    9/11/2011 2:18:32 PM, Error: yukonwlh [101] - Driver has encountered an internal error
    .
    ==== End Of File ===========================
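A way to triage the "Pseudo HJT Report" part of a DDS log like the one above, as an added example (not the thread's or DDS's own code). It runs over lines copied from the posted log plus two constructed lines that show what a DNS or search hijack would look like in the same layout (the 203.0.113.0/24 addresses and example.net are reserved for documentation). The rules are heuristics: a DHCP-assigned public resolver is normal on an ISP link and is only surfaced so it can be confirmed, while a statically set resolver on an interface is the pattern DNS-changing malware leaves and deserves a closer look.

```python
import ipaddress
import re

# Entries copied from the DDS "Pseudo HJT Report" posted above.
LINES_FROM_LOG = r"""
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5CF63800-A8B9-4061-BFD6-E01C4FF176F2} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{AFDB5A4C-C0BE-4C6D-AAA5-22EE689DA374} : DhcpNameServer = 192.168.0.1
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
""".strip().splitlines()

# Constructed lines in the same layout (assumed format for a static "NameServer"
# entry), showing what a DNS/search hijack would look like.
CONSTRUCTED_LINES = [
    r"TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : NameServer = 203.0.113.53 203.0.113.54",
    r"uSearchURL,(Default) = hxxp://search.example.net/?q=%s",
]

# Assumed allowlist of search hosts; anything else in a SearchURL is reported.
KNOWN_SEARCH_HOSTS = ("google.com", "bing.com", "yahoo.com", "msn.com", "live.com")

DNS_RE = re.compile(
    r"^TCP: (?:Interfaces\\\{(?P<iface>[^}]+)\} : )?(?P<kind>DhcpNameServer|NameServer) = (?P<ips>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<desc>.*?)\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
SEARCH_RE = re.compile(r"^[um]SearchURL.*?= hxxps?://(?P<host>[^/\s]+)")


def _host_allowed(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in KNOWN_SEARCH_HOSTS)


def triage(lines):
    """Return (finding, detail) tuples for the entries worth a second look.

    STATIC_DNS       resolver set by hand on an interface, not handed out by
                     the router: the DNSChanger pattern
    PUBLIC_DHCP_DNS  DHCP-assigned resolver outside RFC 1918; normal for an
                     ISP connection, but confirm it really is your ISP
    ORPHAN_BHO       a browser helper object whose DLL no longer exists
    APPINIT_DLL      any AppInit_DLLs value; it is loaded into every GUI process
    SEARCH_HIJACK    search URL pointing at a host outside the allowlist
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        m = DNS_RE.match(line)
        if m:
            for ip in m.group("ips").split():
                addr = ipaddress.ip_address(ip)
                if m.group("kind") == "NameServer":
                    findings.append(("STATIC_DNS", ip))
                elif not addr.is_private:
                    findings.append(("PUBLIC_DHCP_DNS", ip))
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group("path").strip() == "No File":
                findings.append(("ORPHAN_BHO", m.group("clsid")))
            continue
        m = SEARCH_RE.match(line)
        if m:
            if not _host_allowed(m.group("host")):
                findings.append(("SEARCH_HIJACK", m.group("host")))
            continue
        if line.startswith("AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(("APPINIT_DLL", value))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(LINES_FROM_LOG + CONSTRUCTED_LINES):
        print(f"{kind:16} {detail}")
```

On the posted log the only hits are the orphaned BHO, the three ISP resolvers on one interface, and the Google Desktop AppInit_DLLs entry; none of those is evidence of infection by itself, which is consistent with the helper moving on to an MBR scan rather than cleaning anything here.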
  4. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
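What an MBR scanner such as aswMBR is checking when it reads the first sector and saves MBR.dat, as an added example (not code from the thread, from aswMBR or from ComboFix): parse a 512-byte master boot record, hash only the 440-byte boot code, and compare it against a known-good copy, because an MBR bootkit rewrites the code area and leaves the partition table untouched so the disk still looks normal. The sample sector is constructed in code (filler NOP boot code, one NTFS partition); the `unallocated_tail` helper is the example's own name for the space after the last partition, which is where such bootkits commonly stash their body.

```python
import hashlib
import struct

SECTOR = 512
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_byte=0x90):
    """Construct a 512-byte MBR for the example: 440 bytes of filler boot code
    (0x90 = NOP), a disk signature, one active NTFS partition at LBA 2048, 0x55AA."""
    boot_code = bytes([boot_byte]) * 440
    disk_sig = b"\x11\x22\x33\x44" + b"\x00\x00"
    ntfs = struct.pack(PART_FMT, 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 300_000)
    table = ntfs + b"\x00" * (16 * 3)
    return boot_code + disk_sig + table + b"\x55\xAA"


def parse_mbr(mbr):
    """Validate the sector and return boot-code hash, disk signature and partitions."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR: wrong length or missing 0x55AA signature")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, start, count = struct.unpack(PART_FMT, mbr[off:off + 16])
        if ptype:
            partitions.append({"active": status == 0x80, "type": ptype,
                               "start_lba": start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
            "disk_signature": mbr[440:444].hex(),
            "partitions": partitions}


def boot_code_matches(current, known_good):
    """Compare only the code area: a bootkit rewrites it and leaves the table alone."""
    return parse_mbr(current)["boot_code_sha256"] == parse_mbr(known_good)["boot_code_sha256"]


def unallocated_tail(parsed, total_sectors):
    """Sectors after the last partition: space a bootkit can use to stash its body."""
    end = max((p["start_lba"] + p["sectors"] for p in parsed["partitions"]), default=0)
    return max(total_sectors - end, 0)


if __name__ == "__main__":
    good = build_sample_mbr()
    tampered = build_sample_mbr(0xEB)   # same table, different code: the bootkit shape
    info = parse_mbr(good)
    print("disk signature", info["disk_signature"], "partitions", info["partitions"])
    print("boot code intact:", boot_code_matches(tampered, good))
    # On a real Windows box the sector is read with admin rights from
    # open(r"\\.\PhysicalDrive0", "rb").read(512); MBR.dat from aswMBR has the same layout.
```

Keep the saved copy off the suspect machine when you use this for real: a compromised box can lie about sector 0 to anything reading through the infected driver stack, which is why the rootkit scanners above compare what the disk driver returns with what the kernel's own call chain shows.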
  5. jeffh301

    jeffh301 TS Rookie Topic Starter

    Update

    I might need some more time. I will try to post my new logs later today, if not today then tomorrow.
  6. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    No problem :)
  7. jeffh301

    jeffh301 TS Rookie Topic Starter

    Script Blocking

    I followed the instructions from your link on how to disable the firewall and antivirus, but script blocking is more difficult. I have Norton 360. I cannot find a way to turn off the script blocking. Does 360 have that under the firewall or the auto-protect (which I am able to disable)? Would Spybot have script blocking too?
  8. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Don't worry about it and go ahead...
  9. jeffh301

    jeffh301 TS Rookie Topic Starter

    Logs for AVAST and Combofix

    I checked Google after running both AVAST and Combofix, and it now seems to be working properly. Where did it find the bug hiding? Am I officially clean, or could it still be hiding elsewhere?




    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-17 16:28:15
    -----------------------------
    16:28:15.014 OS Version: Windows 6.0.6000
    16:28:15.014 Number of processors: 2 586 0xF02
    16:28:15.014 ComputerName: NIDA-PC UserName: Nida
    16:28:21.222 Initialize success
    16:33:12.891 AVAST engine defs: 11091701
    16:34:21.827 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    16:34:21.827 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC7DP Size: 152627MB BusType: 3
    16:34:23.871 Disk 0 MBR read successfully
    16:34:23.871 Disk 0 MBR scan
    16:34:23.917 Disk 0 Windows VISTA default MBR code
    16:34:23.933 Disk 0 scanning sectors +312573952
    16:34:24.011 Disk 0 scanning C:\Windows\system32\drivers
    16:34:36.522 Service scanning
    16:34:39.268 Modules scanning
    16:34:49.564 Disk 0 trace - called modules:
    16:34:49.595 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    16:34:49.611 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84062278]
    16:34:49.611 3 ntoskrnl.exe[820a80af] -> nt!IofCallDriver -> [0x836704a8]
    16:34:49.657 5 acpi.sys[8047632a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83670bb0]
    16:34:51.171 AVAST engine scan C:\Windows
    16:34:55.929 AVAST engine scan C:\Windows\system32
    16:38:08.355 AVAST engine scan C:\Windows\system32\drivers
    16:38:21.942 AVAST engine scan C:\Users\Nida
    16:39:33.343 Disk 0 MBR has been saved successfully to "C:\Users\Nida\Desktop\MBR.dat"
    16:39:33.421 The log file has been saved successfully to "C:\Users\Nida\Desktop\aswMBR.txt"






    ComboFix 11-09-17.03 - Nida 09/17/2011 18:23:58.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1013.177 [GMT -7:00]
    Running from: c:\users\Nida\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-18 to 2011-09-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-18 01:44 . 2011-09-18 01:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-09-18 01:44 . 2011-09-18 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-13 04:47 . 2011-09-13 04:47 -------- d-----w- c:\users\Nida\AppData\Roaming\Malwarebytes
    2011-09-13 04:47 . 2011-09-13 04:47 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-13 04:47 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-13 04:47 . 2011-09-13 04:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-27 18:27 . 2011-09-13 04:38 -------- d-----w- c:\users\Nida\AppData\Roaming\Systweak
    2011-08-27 18:27 . 2011-07-07 20:26 17280 ----a-w- c:\windows\system32\roboot.exe
    2011-08-26 22:15 . 2011-08-27 05:25 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-08-26 20:18 . 2011-08-26 21:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-08-26 20:18 . 2011-08-26 20:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-08-26 06:30 . 2011-09-17 23:25 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-08-26 06:30 . 2011-08-26 06:30 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-08-26 06:28 . 2011-08-26 06:28 -------- d-----w- c:\programdata\Hitman Pro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-08 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-08 30192]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
    "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
    "SiteAdvisor"="c:\program files\SiteAdvisor\6261\SiteAdv.exe" [2006-10-18 35928]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-31 202256]
    .
    c:\users\Nida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R1 MpKsla8ba872b;MpKsla8ba872b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72C811D5-883B-46CD-992E-079420A0FB67}\MpKsla8ba872b.sys [x]
    R1 MpKslc3b4ee22;MpKslc3b4ee22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC427075-01D2-4441-AC73-0B51A4F79F5E}\MpKslc3b4ee22.sys [x]
    R1 MpKslff9cd34b;MpKslff9cd34b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFC0415F-1CC0-44BA-921E-C507EC393822}\MpKslff9cd34b.sys [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-08 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
    R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110909.001\BHDrvx86.sys [2011-09-09 816760]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110914.031\IDSvix86.sys [2011-08-23 368248]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2011-01-27 136312]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS [2011-03-22 331384]
    S2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-06-30 3029208]
    S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [2010-01-23 9216]
    S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-21 73728]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-31 105592]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    *Deregistered* - hitmanpro35
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 03:42]
    .
    2011-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 03:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
    AddRemove-Product Key Explorer_is1 - c:\program files\Nsasoft\ProductKeyExplorer\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-17 18:44
    Windows 6.0.6000 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2011-09-17 18:52:13
    ComboFix-quarantined-files.txt 2011-09-18 01:52
    .
    Pre-Run: 114,875,011,072 bytes free
    Post-Run: 114,925,817,856 bytes free
    .
    - - End Of File - - F118181F74E6FFA834345A1764E4123C
  10. Broni


    Good news :)

    Combofix must have fixed something, but it doesn't show in its log what.

    In any case we'll run a couple more scans just to make sure...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  11. jeffh301


    OTL log file 1

    Here is the log file OTL.


    OTL logfile created on: 9/18/2011 10:13:55 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Nida\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.44 Mb Total Physical Memory | 236.03 Mb Available Physical Memory | 23.29% Memory free
    2.22 Gb Paging File | 1.08 Gb Available in Paging File | 48.69% Paging File free
    Paging file location(s): ?:\pagefile.sys

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 147.58 Gb Total Space | 107.06 Gb Free Space | 72.54% Space Free | Partition Type: NTFS

    Computer Name: NIDA-PC | User Name: Nida | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/18 10:11:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Nida\Desktop\OTL.exe
    PRC - [2011/06/30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe
    PRC - [2010/08/30 17:37:53 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/01/23 15:18:54 | 000,009,216 | ---- | M] (www.shadowexplorer.com) -- C:\Program Files\ShadowExplorer\sesvc.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/02/06 18:50:08 | 004,374,528 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/02/02 15:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    PRC - [2007/02/02 14:07:14 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    PRC - [2007/01/25 18:50:26 | 000,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
    PRC - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
    PRC - [2007/01/17 14:46:32 | 000,534,648 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    PRC - [2006/12/20 00:16:44 | 000,411,768 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    PRC - [2006/12/20 00:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    PRC - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2006/11/10 15:22:26 | 000,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    PRC - [2006/10/18 09:14:58 | 000,035,928 | ---- | M] (McAfee, Inc.) -- C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/10/17 09:44:17 | 000,499,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\20a9591261b53cc4c2a5fea59c6aa062\TCrdMain.ni.exe
    MOD - [2009/10/17 08:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll
    MOD - [2009/10/17 08:42:45 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll
    MOD - [2009/10/17 08:42:14 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a122c56b60812fb5cbc2e941d4875a87\PresentationFramework.Aero.ni.dll
    MOD - [2009/10/17 08:42:12 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\29eb51a21ce62ed759b162307bd65e32\PresentationFramework.ni.dll
    MOD - [2009/10/17 08:41:32 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\dc8dccca85718096c895b74094e09e5a\PresentationCore.ni.dll
    MOD - [2009/10/17 08:41:12 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c049bc39cb33f7459936a689484285d6\WindowsBase.ni.dll
    MOD - [2009/10/17 08:41:04 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
    MOD - [2009/10/17 08:39:49 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
    MOD - [2008/05/21 22:00:51 | 000,011,552 | ---- | M] () -- C:\Program Files\SiteAdvisor\6261\saHook.dll
    MOD - [2008/05/16 09:49:40 | 000,927,008 | ---- | M] () -- C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    MOD - [2007/01/31 15:39:28 | 000,180,224 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
    MOD - [2006/12/01 19:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\TBS\NotifyTBS.dll
    MOD - [2006/11/09 19:27:06 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
    MOD - [2006/11/08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
    MOD - [2006/10/20 14:49:22 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\ConfigFree\NotifyCFF.dll
    MOD - [2006/10/10 12:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
    MOD - [2006/10/07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/06/30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
    SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/01/23 15:18:54 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files\ShadowExplorer\sesvc.exe -- (sesvc)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
    SRV - [2007/02/02 15:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2007/01/25 18:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
    SRV - [2006/12/20 00:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2006/11/14 21:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2006/11/02 05:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/09/09 10:44:06 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110909.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/08/23 00:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110914.031\IDSvix86.sys -- (IDSVix86)
    DRV - [2011/08/04 15:02:45 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110914.025\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/08/04 15:02:44 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110914.025\NAVENG.SYS -- (NAVENG)
    DRV - [2011/07/31 12:32:13 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/07/31 12:32:12 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/06/11 10:06:25 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/03/30 20:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
    DRV - [2011/03/30 20:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/21 17:39:49 | 000,331,384 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2011/03/14 19:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
    DRV - [2011/02/20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
    DRV - [2011/01/26 23:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
    DRV - [2011/01/26 22:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
    DRV - [2007/09/26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/01/26 17:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007/01/24 15:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2007/01/03 01:43:19 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
    DRV - [2007/01/03 01:43:19 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
    DRV - [2007/01/03 01:43:18 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
    DRV - [2006/12/19 09:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/19 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/10/05 23:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-221321858-1353212307-1756496715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-221321858-1353212307-1756496715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-221321858-1353212307-1756496715-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Nida\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/08/26 10:01:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_1_3 [2011/09/17 16:09:00 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/05/21 22:00:58 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Nida\AppData\Roaming\Move Networks [2010/03/03 19:32:35 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/08/26 12:08:45 | 000,000,732 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6261\SiteAdv.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKU\S-1-5-21-221321858-1353212307-1756496715-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-221321858-1353212307-1756496715-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-221321858-1353212307-1756496715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKU\S-1-5-21-221321858-1353212307-1756496715-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-221321858-1353212307-1756496715-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-221321858-1353212307-1756496715-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF63800-A8B9-4061-BFD6-E01C4FF176F2}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFDB5A4C-C0BE-4C6D-AAA5-22EE689DA374}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Nida\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/18 10:11:09 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Nida\Desktop\OTL.exe
    [2011/09/17 18:53:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/09/17 18:19:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/09/17 18:19:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/09/17 18:19:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/09/17 18:19:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/09/17 18:19:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/09/17 18:19:26 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/09/17 18:19:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/17 17:17:51 | 004,214,248 | R--- | C] (Swearware) -- C:\Users\Nida\Desktop\ComboFix.exe
    [2011/09/17 16:25:28 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Nida\Desktop\aswMBR.exe
    [2011/09/15 03:12:02 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/09/12 22:53:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Nida\Desktop\dds.scr
    [2011/09/12 21:47:51 | 000,000,000 | ---D | C] -- C:\Users\Nida\AppData\Roaming\Malwarebytes
    [2011/09/12 21:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/12 21:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/09/12 21:47:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/09/12 21:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/09/12 21:45:16 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nida\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/08/27 11:27:22 | 000,000,000 | ---D | C] -- C:\Users\Nida\AppData\Roaming\Systweak
    [2011/08/27 11:27:16 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
    [2011/08/26 15:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
    [2011/08/26 15:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
    [2011/08/26 15:15:55 | 000,000,000 | ---D | C] -- C:\Users\Nida\Documents\Anti-Malware
    [2011/08/26 13:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/08/26 13:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/08/26 13:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/08/26 12:49:39 | 000,000,000 | ---D | C] -- C:\Users\Nida\Desktop\av soft
    [2011/08/25 23:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
    [2011/08/25 23:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2011/08/25 23:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Nida\Desktop\*.tmp files -> C:\Users\Nida\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/18 10:11:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Nida\Desktop\OTL.exe
    [2011/09/18 10:06:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/09/18 10:06:14 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/09/18 10:06:13 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/09/17 17:17:56 | 004,214,248 | R--- | M] (Swearware) -- C:\Users\Nida\Desktop\ComboFix.exe
    [2011/09/17 16:42:27 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/09/17 16:39:33 | 000,000,512 | ---- | M] () -- C:\Users\Nida\Desktop\MBR.dat
    [2011/09/17 16:25:31 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Nida\Desktop\aswMBR.exe
    [2011/09/17 16:25:08 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011/09/17 16:06:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/09/17 16:06:19 | 1063,313,408 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/12 22:53:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Nida\Desktop\dds.scr
    [2011/09/12 22:39:13 | 000,001,120 | ---- | M] () -- C:\Users\Nida\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/09/12 22:39:12 | 000,001,096 | ---- | M] () -- C:\Users\Nida\Desktop\Spybot - Search & Destroy.lnk
    [2011/09/12 22:08:18 | 000,302,592 | ---- | M] () -- C:\Users\Nida\Desktop\w8nbom0w.exe
    [2011/09/12 21:47:34 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/12 21:45:22 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nida\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/09/08 09:34:23 | 000,049,152 | ---- | M] () -- C:\Users\Nida\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/09/08 09:23:15 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/09/08 09:23:15 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/08/26 15:17:07 | 000,000,923 | ---- | M] () -- C:\Users\Nida\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Nida\Desktop\*.tmp files -> C:\Users\Nida\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/17 18:19:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/09/17 18:19:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/09/17 18:19:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/09/17 18:19:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/09/17 18:19:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/09/17 16:39:33 | 000,000,512 | ---- | C] () -- C:\Users\Nida\Desktop\MBR.dat
    [2011/09/12 22:08:14 | 000,302,592 | ---- | C] () -- C:\Users\Nida\Desktop\w8nbom0w.exe
    [2011/09/12 21:47:34 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/26 22:24:59 | 1063,313,408 | -HS- | C] () -- C:\hiberfil.sys
    [2011/08/26 15:17:04 | 000,000,923 | ---- | C] () -- C:\Users\Nida\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
    [2011/08/26 13:19:11 | 000,001,120 | ---- | C] () -- C:\Users\Nida\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/08/26 13:19:10 | 000,001,096 | ---- | C] () -- C:\Users\Nida\Desktop\Spybot - Search & Destroy.lnk
    [2011/08/25 23:30:08 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/10/14 20:41:51 | 000,001,940 | ---- | C] () -- C:\Users\Nida\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2008/03/14 17:58:17 | 000,000,680 | ---- | C] () -- C:\Users\Nida\AppData\Local\d3d9caps.dat
    [2008/02/01 17:22:21 | 000,000,483 | ---- | C] () -- C:\Windows\eReg.dat
    [2007/10/19 17:56:16 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2007/10/18 19:48:41 | 000,000,147 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2007/10/18 02:02:34 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
    [2007/06/06 21:06:02 | 000,000,279 | ---- | C] () -- C:\Windows\EReg072.dat
    [2007/04/26 20:18:11 | 000,049,152 | ---- | C] () -- C:\Users\Nida\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/03/24 01:49:37 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2007/03/24 01:49:37 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2007/03/24 01:49:37 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2007/03/24 01:49:37 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2007/03/02 12:01:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2007/03/02 12:01:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2007/03/02 12:01:08 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2007/03/02 12:01:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2007/03/02 12:01:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2007/03/02 12:01:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2007/02/28 13:47:07 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2007/02/28 12:50:50 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
    [2007/02/28 12:50:50 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
    [2007/01/31 17:03:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1187.dll
    [2006/12/05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 05:47:37 | 000,413,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:33:01 | 000,618,648 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 03:33:01 | 000,104,024 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 03:25:21 | 000,180,224 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/11/02 00:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2006/11/02 00:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

    ========== LOP Check ==========

    [2008/06/27 21:54:12 | 000,000,000 | ---D | M] -- C:\Users\Nida\AppData\Roaming\EuroTalk
    [2011/09/12 21:38:58 | 000,000,000 | ---D | M] -- C:\Users\Nida\AppData\Roaming\Systweak
    [2011/06/11 09:40:00 | 000,000,000 | ---D | M] -- C:\Users\Nida\AppData\Roaming\Tific
    [2009/10/31 10:52:31 | 000,000,000 | ---D | M] -- C:\Users\Nida\AppData\Roaming\Toshiba
    [2007/12/23 16:19:44 | 000,000,000 | ---D | M] -- C:\Users\Nida\AppData\Roaming\WildTangent
    [2011/09/15 06:16:47 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2006/11/02 02:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
    [2007/02/28 12:08:50 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/09/17 18:52:16 | 000,009,377 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/09/17 16:06:19 | 1063,313,408 | -HS- | M] () -- C:\hiberfil.sys
    [2007/06/06 21:04:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/06/06 21:04:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/09/17 16:06:18 | 1377,239,040 | -HS- | M] () -- C:\pagefile.sys
    [2011/08/26 12:51:54 | 000,000,419 | ---- | M] () -- C:\rkill.log
    [2011/08/26 09:47:14 | 000,063,204 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_26.08.2011_09.46.17_log.txt
    [2011/08/26 10:47:17 | 000,062,958 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_26.08.2011_10.46.34_log.txt
    [2010/08/07 08:21:19 | 000,000,150 | ---- | M] () -- C:\YServer.txt
    [2011/06/28 21:11:06 | 000,000,296 | ---- | M] () -- C:\{C546E900-0839-49FF-9E05-9C9AB76464D0}

    < %systemroot%\Fonts\*.com >
    [2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 02:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNBPP3.DLL
    [2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/12/11 04:30:52 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/02/28 12:08:36 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2007/02/28 12:08:34 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2007/02/28 12:08:36 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2007/02/28 12:08:46 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2007/02/28 12:08:48 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/31 06:11:26 | 000,000,286 | -HS- | M] () -- C:\Users\Nida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/17 16:25:31 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Nida\Desktop\aswMBR.exe
    [2011/09/17 17:17:56 | 004,214,248 | R--- | M] (Swearware) -- C:\Users\Nida\Desktop\ComboFix.exe
    [2011/09/12 21:45:22 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nida\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/06/11 09:38:59 | 122,213,960 | ---- | M] (Symantec Corporation) -- C:\Users\Nida\Desktop\N360-PREMIER-ESD-18-6-0-29-EN.exe
    [2011/09/18 10:11:13 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Nida\Desktop\OTL.exe
    [2011/09/12 22:08:18 | 000,302,592 | ---- | M] () -- C:\Users\Nida\Desktop\w8nbom0w.exe
    [1 C:\Users\Nida\Desktop\*.tmp files -> C:\Users\Nida\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2007/03/24 01:36:50 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2007/03/24 01:36:20 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2007/03/24 01:36:20 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2007/03/24 01:36:20 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2007/03/24 01:36:20 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2007/03/24 01:36:20 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/04/16 22:08:26 | 000,000,402 | -HS- | M] () -- C:\Users\Nida\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  12. jeffh301

    jeffh301 TS Rookie Topic Starter

    OTL log file 2

    Maybe this is nothing, but in Windows/System32, I found a folder called DRVSTORE that is the only folder colored blue. Inside is a file named GEARAspiWD_F922651AD36DADE59756BB9CB900A74834B0879B which was created June 11, 2011, which is around the time when my computer started getting slower.


    Here is the OTL Extras log file.



    OTL Extras logfile created on: 9/18/2011 10:13:55 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Nida\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.44 Mb Total Physical Memory | 236.03 Mb Available Physical Memory | 23.29% Memory free
    2.22 Gb Paging File | 1.08 Gb Available in Paging File | 48.69% Paging File free
    Paging file location(s): ?:\pagefile.sys

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 147.58 Gb Total Space | 107.06 Gb Free Space | 72.54% Space Free | Partition Type: NTFS

    Computer Name: NIDA-PC | User Name: Nida | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2CC9B211-0AF8-4513-B98B-10888DF2F483}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
    "{34C2A280-006B-476A-9EF1-8006A1DDA787}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
    "{52E58174-8035-4C6A-BF3F-B45DEF1D85F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{17C3B4A0-7791-4FE4-8A98-95CA6FFE413C}" = protocol=17 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\ttax.exe |
    "{2243F865-4B68-4892-9DB7-D51DB7B95A7F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{28130F52-3192-4018-8632-71B8A84086BB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{3DEC7717-C2E7-415A-B162-6AD885F6C237}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{3E31C5EF-FFA7-4C4B-927E-2D785AC75096}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{424589D0-2505-4852-8A7C-50B573BEA757}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{4451B6FF-57EA-4B71-ABAC-41280FFB5FF5}" = protocol=17 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\updatemgr.exe |
    "{52B87E43-FF4B-4827-BDA1-492DBFBD4464}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{63486243-8C55-443F-8877-138A324CA90C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{6413B0FE-F113-40AF-BF80-F346BF7D58DD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{85C4F6F4-FBAD-4811-A2FC-0B886590C511}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
    "{86AA1842-0182-495E-842C-257782948B65}" = protocol=6 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\updatemgr.exe |
    "{8B6210CB-DC8A-46F2-A5FF-3F40788B70E2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{D525EF64-EB79-4814-B6A0-701CADA47471}" = protocol=6 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\ttax.exe |
    "{EB75FA5D-0762-412D-A48A-8E82D7A4DD15}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{F1926EDE-ADD4-4898-8C28-4A6D81A6D4E6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
    "{F3399CA2-0BDF-4FF1-94E3-D94A039BE0D5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "TCP Query User{BEA2EADD-A2F7-4010-9413-A6ED98A361B1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{E3CF2FD6-B554-498D-ABD2-B880438A9A60}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
    "UDP Query User{0C2401C8-A959-4FF9-AEEA-BF0B052B6D67}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{A6E73CC2-1D77-4924-BB47-F52B5444900E}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" =
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
    "{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6C5A8BA1-8114-11D5-0090-B800902724B3}" = FIFA 2002
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{744E2BC2-EC6F-44D5-AA68-451B4131383B}" = TOSHIBA Supervisor Password
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B97599D2-01F7-4551-96D8-674D3D886F7B}" = TOSHIBA Hardware Setup
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Combat Flight Simulator 3.0" = Microsoft Combat Flight Simulator 3.1
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Desktop Dialer" = Desktop Dialer
    "Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EuroTalk Talk Now Plus!" = EuroTalk Talk Now Plus!
    "FLV Player" = FLV Player 2.0, build 23
    "Google Desktop" = Google Desktop
    "GSpot" = GSpot Codec Information Appliance
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HitmanPro35" = Hitman Pro 3.5
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Internet Offers from Toshiba" = Internet Offers
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2007b" = Microsoft Money Essentials
    "N360" = Norton 360 Premier Edition
    "NHL 2000" = NHL 2000
    "RealPlayer 12.0" = RealPlayer
    "ShadowExplorer_is1" = ShadowExplorer 0.7
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Game Console" = TOSHIBA Game Console
    "TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "TurboTax Home & Business 2007" = TurboTax Home & Business 2007
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WT017700" = Bejeweled 2 Deluxe
    "WT017710" = Blackhawk Striker 2
    "WT017720" = Blasterball 3
    "WT017760" = Chuzzle Deluxe
    "WT017800" = FATE
    "WT017840" = JEOPARDY
    "WT017910" = Penguins!
    "WT017930" = Polar Bowler
    "WT017940" = Polar Golfer
    "WT017980" = SCRABBLE

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-221321858-1353212307-1756496715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/2/2011 8:02:43 PM | Computer Name = Nida-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 7.0.6000.17037 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: fd0 Start Time: 01cc69c9562cf680 Termination Time: 0

    Error - 9/3/2011 9:39:23 PM | Computer Name = Nida-PC | Source = VSS | ID = 8194
    Description =

    Error - 9/4/2011 2:10:55 AM | Computer Name = Nida-PC | Source = VSS | ID = 8194
    Description =

    Error - 9/4/2011 8:13:39 PM | Computer Name = Nida-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 7.0.6000.17037 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1324 Start Time: 01cc6b531f8aafb0 Termination Time: 920

    Error - 9/4/2011 10:33:44 PM | Computer Name = Nida-PC | Source = VSS | ID = 8194
    Description =

    Error - 9/5/2011 2:14:45 AM | Computer Name = Nida-PC | Source = VSS | ID = 8194
    Description =

    Error - 9/5/2011 11:38:11 PM | Computer Name = Nida-PC | Source = VSS | ID = 8194
    Description =

    Error - 9/7/2011 2:32:09 AM | Computer Name = Nida-PC | Source = Application Error | ID = 1000
    Description = Faulting application Dwm.exe, version 6.0.6000.16386, time stamp 0x4549aed1,
    faulting module ole32.dll, version 6.0.6000.16386, time stamp 0x4549bd92, exception
    code 0xc0000005, fault offset 0x0001c58d, process id 0xba8, application start time
    0x01cc6901ff69a16e.

    Error - 9/17/2011 7:11:57 PM | Computer Name = Nida-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 9/17/2011 7:55:32 PM | Computer Name = Nida-PC | Source = Application Error | ID = 1000
    Description = Faulting application SpybotSD.exe, version 1.6.2.46, time stamp 0x2a425e19,
    faulting module SpybotSD.exe, version 1.6.2.46, time stamp 0x2a425e19, exception
    code 0xc0000005, fault offset 0x00004d8a, process id 0xd7c, application start time
    0x01cc759547c41740.

    [ Media Center Events ]
    Error - 12/6/2007 10:59:38 PM | Computer Name = Nida-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 3/11/2008 9:34:18 PM | Computer Name = Nida-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/24/2008 11:03:38 AM | Computer Name = Nida-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/26/2008 1:23:59 AM | Computer Name = Nida-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/27/2008 10:01:56 PM | Computer Name = Nida-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/28/2008 1:10:46 PM | Computer Name = Nida-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/30/2008 10:47:23 PM | Computer Name = Nida-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 3/2/2009 12:37:19 AM | Computer Name = Nida-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/29/2009 7:29:47 PM | Computer Name = Nida-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 3/11/2010 2:49:55 AM | Computer Name = Nida-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 9/17/2008 12:08:05 AM | Computer Name = Nida-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 23
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/27/2008 9:26:55 PM | Computer Name = Nida-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 988
    seconds with 840 seconds of active time. This session ended with a crash.

    Error - 5/29/2009 1:56:15 PM | Computer Name = Nida-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 7657
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 6/21/2009 4:50:34 PM | Computer Name = Nida-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 43
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/4/2009 12:59:00 AM | Computer Name = Nida-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 25
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/9/2009 8:32:29 PM | Computer Name = Nida-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 188938
    seconds with 5400 seconds of active time. This session ended with a crash.

    Error - 9/21/2009 8:52:22 PM | Computer Name = Nida-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 1443
    seconds with 1020 seconds of active time. This session ended with a crash.

    Error - 10/28/2009 9:11:42 PM | Computer Name = Nida-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 109
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 6/18/2010 9:10:40 AM | Computer Name = Nida-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 872
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 11/20/2010 2:13:34 PM | Computer Name = Nida-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/8/2011 12:17:59 PM | Computer Name = Nida-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.11 for the Network Card with network
    address 0019D28F33F1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 9/9/2011 4:47:14 PM | Computer Name = Nida-PC | Source = DCOM | ID = 10010
    Description =

    Error - 9/9/2011 4:47:22 PM | Computer Name = Nida-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 9/9/2011 4:47:35 PM | Computer Name = Nida-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.11 for the Network Card with network
    address 0019D28F33F1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 9/11/2011 5:18:32 PM | Computer Name = Nida-PC | Source = yukonwlh | ID = 458853
    Description = Driver has encountered an internal error

    Error - 9/11/2011 5:18:32 PM | Computer Name = Nida-PC | Source = yukonwlh | ID = 458853
    Description = Driver has encountered an internal error

    Error - 9/15/2011 6:03:07 AM | Computer Name = Nida-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 9/15/2011 6:03:07 AM | Computer Name = Nida-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/15/2011 6:36:58 AM | Computer Name = Nida-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/15/2011 9:16:32 AM | Computer Name = Nida-PC | Source = DCOM | ID = 10010
    Description =


    < End of report >
  13. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
      O15 - HKU\S-1-5-21-221321858-1353212307-1756496715-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-221321858-1353212307-1756496715-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-221321858-1353212307-1756496715-1000\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [1 C:\Users\Nida\Desktop\*.tmp files -> C:\Users\Nida\Desktop\*.tmp -> ]
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
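    The OTL fix above deletes a dangling BHO, trusted-zone entries, a stale ActiveX distribution unit and the Security Center "DisableMonitoring" overrides. The script below is an added, read-only audit of those same locations (plus the hosts file and DNS servers the topic starter said he checked by hand), so a reader can see what the fix is reacting to on their own machine before editing anything. It is not part of the thread, not OTL's code and not a removal tool: it only reports. Assumptions: run from an elevated Windows PowerShell prompt on the affected machine; the variable and message names are mine; zone numbering (1 = Local intranet, 2 = Trusted sites) follows Internet Explorer's ZoneMap convention.

```powershell
# Added example, not from the thread: read-only triage of the registry locations
# touched by the OTL fix, plus hosts file and DNS servers. Changes nothing.
# Assumes an elevated Windows PowerShell session on the machine being examined.

$report = New-Object System.Collections.Generic.List[string]

# 1. Browser Helper Objects whose CLSID is unregistered or whose DLL is gone.
#    OTL reports the first case as "No CLSID value found".
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    foreach ($bho in Get-ChildItem $bhoKey) {
        $clsid  = $bho.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        if (-not (Test-Path $server)) {
            $report.Add("BHO $clsid has no CLSID registration (dangling entry)")
            continue
        }
        $dll = (Get-ItemProperty $server).'(default)'
        if ($dll) {
            $dllPath = [Environment]::ExpandEnvironmentVariables($dll)
            if (-not (Test-Path $dllPath)) {
                $report.Add("BHO $clsid points to missing file $dllPath")
            }
        }
    }
}

# 2. Sites or ranges the current user has placed in Local intranet / Trusted sites.
#    Those zones get weaker IE security settings than the Internet zone.
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
foreach ($bucket in 'Domains', 'Ranges') {
    $zoneKey = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\$bucket"
    if (-not (Test-Path $zoneKey)) { continue }
    foreach ($entry in Get-ChildItem $zoneKey -Recurse) {
        $props = Get-ItemProperty $entry.PSPath
        foreach ($scheme in 'http', 'https', '*') {
            $zone = $props.$scheme
            if ($zone -eq 1 -or $zone -eq 2) {
                $rel = $entry.Name.Substring($entry.Name.IndexOf("\$bucket\") + $bucket.Length + 2)
                $report.Add("$bucket entry $rel ($scheme) is in zone '$($zoneNames[[int]$zone])'")
            }
        }
    }
}

# 3. Security Center overrides and monitoring suppression (the values the fix removes).
$sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
foreach ($name in 'AntiVirusOverride', 'AntiSpywareOverride', 'FirewallOverride') {
    $v = (Get-ItemProperty "$sc\Svc" -ErrorAction SilentlyContinue).$name
    if ($v -eq 1) { $report.Add("Security Center $name = 1 (alerts suppressed)") }
}
if (Test-Path "$sc\Monitoring") {
    foreach ($k in @(Get-Item "$sc\Monitoring") + @(Get-ChildItem "$sc\Monitoring")) {
        $v = (Get-ItemProperty $k.PSPath).DisableMonitoring
        if ($v -eq 1) { $report.Add("DisableMonitoring = 1 under $($k.Name)") }
    }
}

# 4. Windows Firewall state per profile, read from the same keys OTL lists.
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $p = Get-ItemProperty "$fwBase\$profile" -ErrorAction SilentlyContinue
    if ($p -and $p.EnableFirewall -eq 0) { $report.Add("Windows Firewall disabled for $profile") }
}

# 5. Hosts file: any active line that is not a loopback mapping is worth a look,
#    because redirect malware commonly plants entries here.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in Get-Content $hosts -ErrorAction SilentlyContinue) {
    $t = $line.Trim()
    if ($t -eq '' -or $t.StartsWith('#')) { continue }
    $parts = $t -split '\s+'
    if (@('127.0.0.1', '::1') -notcontains $parts[0]) { $report.Add("hosts: $t") }
}

# 6. DNS servers configured on every IP-enabled adapter (compare with what the
#    router or ISP should be handing out; a rogue resolver explains redirects).
foreach ($a in Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE') {
    if ($a.DNSServerSearchOrder) {
        $report.Add("DNS on '$($a.Description)': $($a.DNSServerSearchOrder -join ', ')")
    }
}

if ($report.Count -eq 0) { 'No findings.' } else { $report }
```

    Nothing in the script deletes or rewrites a value; the point is to confirm the state the OTL fix targets (for instance, a BHO under the Explorer key with no matching HKCR\CLSID entry, or DisableMonitoring = 1 under the Security Center Monitoring subkeys) before handing the machine to a removal tool, and to keep a record of the hosts file and resolver settings that were in place at the time.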
  14. jeffh301

    jeffh301 TS Rookie Topic Starter

    File Logs 1 and 2, none for 3

    File Log Called: 09232011_063216

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
    Registry key HKEY_USERS\S-1-5-21-221321858-1353212307-1756496715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-221321858-1353212307-1756496715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-221321858-1353212307-1756496715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\Windows\DUMP2ff5.tmp deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    C:\Users\Nida\Desktop\~WRL0001.tmp deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 804 bytes

    User: Nida
    ->Temp folder emptied: 6991588 bytes
    ->Temporary Internet Files folder emptied: 4600587 bytes
    ->Java cache emptied: 29736193 bytes
    ->Flash cache emptied: 2027351 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 90 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 41.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Nida
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.29.1 log created on 09232011_063216

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    File Log Called: Checkup

    Results of screen317's Security Check version 0.99.7
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) SE Runtime Environment 6
    Adobe Reader 7.0
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Spybot Teatimer.exe is disabled!
    Emsisoft Anti-Malware a2service.exe
    ``````````End of Log````````````



    I ran the online scan, but it found no threats and no log was created.
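An added example, not part of the thread and not code from OTL, TDSSKiller or Security Check: a read-only PowerShell triage of the three things this thread has been working through on the affected machine (the Browser Helper Objects loaded into Internet Explorer, the Security Center DisableMonitoring flags the OTL fix removed, and the Java/Adobe Reader versions Security Check flagged). Function names are my own; the registry paths are the standard ones that appear in the OTL log above.

```powershell
# Added example (not from the thread or any tool it mentions). Read-only: it
# only queries the registry and checks whether files exist. Run from an
# elevated PowerShell prompt.

function Get-BrowserHelperObject {
    # IE loads every CLSID listed under this key into each browser process, which
    # is why a rogue BHO is a classic cause of search redirects. Resolve each CLSID
    # to the DLL behind it so an unfamiliar module stands out. (64-bit Windows also
    # keeps a Wow6432Node copy of this key for 32-bit IE.)
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return }
    foreach ($sub in Get-ChildItem $bhoKey) {
        $clsid = $sub.PSChildName
        $name = $null
        $dll = $null
        foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
            $cls = Join-Path $root $clsid
            if (Test-Path $cls) {
                $name = (Get-ItemProperty $cls -ErrorAction SilentlyContinue).'(default)'
                $dll = (Get-ItemProperty (Join-Path $cls 'InprocServer32') -ErrorAction SilentlyContinue).'(default)'
                break
            }
        }
        $onDisk = $false
        if ($dll) {
            $onDisk = Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($dll.Trim('"')))
        }
        [pscustomobject]@{
            CLSID = $clsid
            Name = $name
            Dll = $dll
            # No class registration, or a DLL that is not on disk: either deserves a closer look.
            Suspect = (-not $dll) -or (-not $onDisk)
        }
    }
}

function Get-SecurityCenterMonitoring {
    # Vista/7 keep one DisableMonitoring flag per monitored product (antivirus,
    # firewall, ...). A non-zero value silences the Security Center warning for
    # that product; the OTL log above shows three such values being deleted.
    $base = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
    if (-not (Test-Path $base)) { return }
    $keys = @(Get-Item $base) + @(Get-ChildItem $base -Recurse)
    foreach ($k in $keys) {
        $v = Get-ItemProperty -Path $k.PSPath -Name DisableMonitoring -ErrorAction SilentlyContinue
        if ($null -ne $v) {
            [pscustomobject]@{
                Key = $k.PSPath -replace '^.*::', ''
                DisableMonitoring = $v.DisableMonitoring
                Suppressed = ($v.DisableMonitoring -ne 0)
            }
        }
    }
}

function Get-InstalledJavaAndReader {
    # Security Check flagged Java 6 and Adobe Reader 7.0. After the Java update,
    # JavaRa and the Reader update, only current versions should remain here.
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE|Adobe Reader)' } |
        Sort-Object DisplayName |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

'== Browser Helper Objects =='
Get-BrowserHelperObject | Format-Table -AutoSize
'== Security Center DisableMonitoring flags =='
Get-SecurityCenterMonitoring | Format-Table -AutoSize
'== Java / Adobe Reader entries in Programs and Features =='
Get-InstalledJavaAndReader | Format-Table -AutoSize
```

A BHO row with Suspect set to True, or any Suppressed flag, is the thing to paste into the thread for the helper rather than to delete on your own.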
  15. jeffh301

    jeffh301 TS Rookie Topic Starter

    Problem Back.

    I performed a search, but now it is redirecting again like before. Should I run OTL again?
  16. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Which browser is getting redirected?

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing Foxit Reader, make sure to UN-check any pre-checked toolbar, or any other garbage.
  17. jeffh301

    jeffh301 TS Rookie Topic Starter

    It is internet explorer.
  18. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Make sure you perform steps from my last reply first.

    Then....

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  19. jeffh301

    jeffh301 TS Rookie Topic Starter

    Followed all 3 steps + 1 logfile

    22:00:18.0891 3540 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
    22:00:20.0904 3540 ============================================================
    22:00:20.0904 3540 Current date / time: 2011/09/24 22:00:20.0904
    22:00:20.0904 3540 SystemInfo:
    22:00:20.0904 3540
    22:00:20.0904 3540 OS Version: 6.0.6000 ServicePack: 0.0
    22:00:20.0904 3540 Product type: Workstation
    22:00:20.0904 3540 ComputerName: NIDA-PC
    22:00:20.0904 3540 UserName: Nida
    22:00:20.0904 3540 Windows directory: C:\Windows
    22:00:20.0904 3540 System windows directory: C:\Windows
    22:00:20.0904 3540 Processor architecture: Intel x86
    22:00:20.0904 3540 Number of processors: 2
    22:00:20.0904 3540 Page size: 0x1000
    22:00:20.0904 3540 Boot type: Normal boot
    22:00:20.0904 3540 ============================================================
    22:00:23.0805 3540 Initialize success
    22:00:29.0671 4956 ============================================================
    22:00:29.0671 4956 Scan started
    22:00:29.0671 4956 Mode: Manual;
    22:00:29.0671 4956 ============================================================
    22:01:15.0020 4956 SymIRON - ok
    22:01:15.0239 4956 SYMTDIv (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS
    22:01:15.0254 4956 SYMTDIv - ok
    22:01:15.0426 4956 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    22:01:15.0441 4956 Sym_hi - ok
    22:01:15.0488 4956 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    22:01:15.0504 4956 Sym_u3 - ok
    22:01:15.0675 4956 SynTP (a93e77225d7b32d270fbb6acc3df119b) C:\Windows\system32\DRIVERS\SynTP.sys
    22:01:15.0691 4956 SynTP - ok
    22:01:15.0972 4956 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
    22:01:16.0003 4956 Tcpip - ok
    22:01:16.0190 4956 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
    22:01:16.0206 4956 Tcpip6 - ok
    22:01:16.0377 4956 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
    22:01:16.0377 4956 tcpipreg - ok
    22:01:16.0424 4956 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
    22:01:16.0424 4956 tdcmdpst - ok
    22:01:16.0565 4956 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
    22:01:16.0565 4956 TDPIPE - ok
    22:01:16.0627 4956 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
    22:01:16.0643 4956 TDTCP - ok
    22:01:16.0689 4956 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
    22:01:16.0689 4956 tdx - ok
    22:01:16.0830 4956 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
    22:01:16.0861 4956 TermDD - ok
    22:01:18.0702 4956 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
    22:01:19.0170 4956 tifm21 - ok
    22:01:19.0435 4956 Tosrfcom - ok
    22:01:19.0544 4956 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:01:19.0544 4956 tssecsrv - ok
    22:01:19.0700 4956 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
    22:01:19.0716 4956 tunmp - ok
    22:01:19.0763 4956 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
    22:01:19.0778 4956 tunnel - ok
    22:01:19.0841 4956 TVALZ (521c5f39829875adf5466dd94c6282c7) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
    22:01:19.0841 4956 TVALZ - ok
    22:01:19.0887 4956 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    22:01:19.0903 4956 uagp35 - ok
    22:01:20.0090 4956 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
    22:01:20.0121 4956 udfs - ok
    22:01:20.0262 4956 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    22:01:20.0262 4956 uliagpkx - ok
    22:01:20.0340 4956 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    22:01:20.0355 4956 uliahci - ok
    22:01:20.0402 4956 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    22:01:20.0402 4956 UlSata - ok
    22:01:20.0605 4956 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    22:01:20.0605 4956 ulsata2 - ok
    22:01:20.0652 4956 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
    22:01:20.0652 4956 umbus - ok
    22:01:20.0886 4956 usbccgp (9d554e3509868322fabd3c9933e3ccc2) C:\Windows\system32\DRIVERS\usbccgp.sys
    22:01:20.0901 4956 usbccgp - ok
    22:01:21.0011 4956 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    22:01:21.0026 4956 usbcir - ok
    22:01:21.0182 4956 usbehci (ad99bf6bee66686d68721ffcc6e08cbe) C:\Windows\system32\DRIVERS\usbehci.sys
    22:01:21.0198 4956 usbehci - ok
    22:01:21.0291 4956 usbhub (275dbb5a31281feaf565378526319d5a) C:\Windows\system32\DRIVERS\usbhub.sys
    22:01:21.0307 4956 usbhub - ok
    22:01:21.0479 4956 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    22:01:21.0494 4956 usbohci - ok
    22:01:21.0557 4956 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
    22:01:21.0557 4956 usbprint - ok
    22:01:21.0666 4956 USBSTOR (fdbaabf07244c60b0f4e0a6e71a107c6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:01:21.0666 4956 USBSTOR - ok
    22:01:21.0728 4956 usbuhci (9b13bca94168e18ff71fdd500b96643c) C:\Windows\system32\DRIVERS\usbuhci.sys
    22:01:21.0744 4956 usbuhci - ok
    22:01:21.0837 4956 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
    22:01:21.0837 4956 usbvideo - ok
    22:01:21.0993 4956 UVCFTR (0d09f77f46dd3be73c3e5949428d6995) C:\Windows\system32\DRIVERS\UVCFTR_S.SYS
    22:01:22.0009 4956 UVCFTR - ok
    22:01:22.0134 4956 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    22:01:22.0134 4956 vga - ok
    22:01:22.0212 4956 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
    22:01:22.0212 4956 VgaSave - ok
    22:01:22.0305 4956 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    22:01:22.0321 4956 viaagp - ok
    22:01:22.0383 4956 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    22:01:22.0383 4956 ViaC7 - ok
    22:01:22.0493 4956 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    22:01:22.0493 4956 viaide - ok
    22:01:22.0617 4956 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
    22:01:22.0617 4956 volmgr - ok
    22:01:22.0758 4956 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
    22:01:22.0773 4956 volmgrx - ok
    22:01:22.0867 4956 volsnap (11ef6c1caef76b685233450a126125d6) C:\Windows\system32\drivers\volsnap.sys
    22:01:22.0867 4956 volsnap - ok
    22:01:22.0961 4956 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    22:01:22.0961 4956 vsmraid - ok
    22:01:23.0023 4956 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    22:01:23.0039 4956 WacomPen - ok
    22:01:23.0085 4956 Wanarp (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
    22:01:23.0085 4956 Wanarp - ok
    22:01:23.0117 4956 Wanarpv6 (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
    22:01:23.0117 4956 Wanarpv6 - ok
    22:01:23.0210 4956 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    22:01:23.0210 4956 Wd - ok
    22:01:23.0351 4956 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
    22:01:23.0366 4956 Wdf01000 - ok
    22:01:23.0678 4956 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    22:01:23.0694 4956 WmiAcpi - ok
    22:01:24.0006 4956 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
    22:01:24.0006 4956 ws2ifsl - ok
    22:01:24.0099 4956 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:01:24.0099 4956 WUDFRd - ok
    22:01:24.0333 4956 yukonwlh (1dd951cf8a69fa2bea82f3e3a811fa95) C:\Windows\system32\DRIVERS\yk60x86.sys
    22:01:24.0349 4956 yukonwlh - ok
    22:01:24.0443 4956 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
    22:01:24.0505 4956 \Device\Harddisk0\DR0 - ok
    22:01:24.0505 4956 Boot (0x1200) (c4d8e7557adbd699a0a72e8508702ab3) \Device\Harddisk0\DR0\Partition0
    22:01:24.0505 4956 \Device\Harddisk0\DR0\Partition0 - ok
    22:01:24.0521 4956 ============================================================
    22:01:24.0521 4956 Scan finished
    22:01:24.0521 4956 ============================================================
    22:01:24.0552 4440 Detected object count: 0
    22:01:24.0552 4440 Actual detected object count: 0
  20. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    1. Open IE, go Tools>Internet options>Advanced tab and click on the "Reset" button.
    Restart IE.
    If still redirected, proceed to step 2.

    2. Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (Vista and Windows 7 users: while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the button inside the hole, using a pencil or a paperclip, until all lights briefly go off and on.
    NOTE. Simply disconnecting the router from its power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
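Added example (not from the thread or from Broni): a PowerShell audit of the three places the redirect checks above touch, the hosts file, the adapter DNS servers, and the Internet Explorer proxy/auto-config settings that the IE "Reset" clears. It assumes the router address 192.168.1.1 as the expected DNS server; adjust that to your network. Run it from an elevated prompt.

```powershell
# Added example, not part of the thread. Audits the client-side settings a
# "Google redirect" commonly tampers with. $ExpectedDns is an assumption:
# replace it with the DNS servers your network is supposed to use.
$ExpectedDns = @('192.168.1.1')

function Test-HostsFile {
    # Any active (uncommented) mapping other than the loopback/localhost defaults
    # is worth a look; the thread's poster found stray text here.
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $suspect = Get-Content $path | Where-Object {
        $_ -notmatch '^\s*#' -and
        $_ -match '^\s*[0-9a-fA-F.:]+\s+\S+' -and
        $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
    }
    if ($suspect) { Write-Warning 'hosts file has non-default entries:'; $suspect }
    else { Write-Host 'hosts file: only default entries' }
}

function Test-DnsServers {
    # Per-adapter DNS servers (works on Vista/7 without the DnsClient module).
    $cfgs = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled }
    foreach ($cfg in $cfgs) {
        $dns = @($cfg.DNSServerSearchOrder | Where-Object { $_ })
        $unexpected = $dns | Where-Object { $ExpectedDns -notcontains $_ }
        if ($unexpected) {
            Write-Warning "$($cfg.Description): unexpected DNS server(s) $($unexpected -join ', ')"
        } else {
            Write-Host "$($cfg.Description): DNS OK ($($dns -join ', '))"
        }
    }
}

function Test-ProxySettings {
    # IE "Reset" clears these; a hijacked proxy or PAC URL redirects every browser
    # that honours the WinINet settings.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    if ($p.ProxyEnable -eq 1) { Write-Warning "proxy enabled: $($p.ProxyServer)" }
    if ($p.AutoConfigURL)     { Write-Warning "PAC script configured: $($p.AutoConfigURL)" }
    if ($p.ProxyEnable -ne 1 -and -not $p.AutoConfigURL) { Write-Host 'proxy: none configured' }
}

Test-HostsFile
Test-DnsServers
Test-ProxySettings
```

When the client simply points at the router, a hijacked router DNS setting will not show up here; that is what the router reset and the "re-check your router security settings" note cover.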
  21. jeffh301

    jeffh301 TS Rookie Topic Starter

    I tried Step 1

    After I implemented step 1, google stopped redirecting. After that point, I did not proceed to the additional steps and notes.
  22. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to assure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  23. jeffh301

    jeffh301 TS Rookie Topic Starter

    Cleanup- Step 1

    OTL Log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Nida
    ->Temp folder emptied: 180704 bytes
    ->Temporary Internet Files folder emptied: 2606738 bytes
    ->Java cache emptied: 2027 bytes
    ->Flash cache emptied: 343 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 3.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest

    User: Nida
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.29.1 log created on 09262011_165756

    Files\Folders moved on Reboot...
    C:\Users\Nida\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TE17C0T3\showthread[1].htm moved successfully.
    C:\Users\Nida\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
    C:\Users\Nida\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...
  24. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    The issue seems to be resolved.
  25. jeffh301

    jeffh301 TS Rookie Topic Starter

    Issue resolved

    I went through your 13 step cleanup process. So far, my computer is working fine. It seems back to its old self. Thank you so much!

