TechSpot

Virus

By familyman14
Mar 20, 2011
  1. Hi I am back with my other sons' laptop. I tried to do the 8 steps but after doing Avira it won't let me open Malwarebytes which is already on the computer. Do I re'DL it on a portable usb? I am using my computer as it has hijacked his home page as well. Looks like it's the "win 7" virus.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Try to rename mbam.exe to scan.exe.
    If still a problem, run all steps you CAN.
     
  3. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    OK , that worked . Thanks. to be continued.....
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Cool :)..........
     
  5. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6113

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/20/2011 4:53:12 PM
    mbam-log-2011-03-20 (16-53-12).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 243995
    Time elapsed: 22 minute(s), 44 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    c:\Users\vile 21xx\AppData\Local\mon.exe (Trojan.FakeAlert) -> 3448 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Vile 21XX\AppData\Local\mon.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\vile 21xx\AppData\Local\mon.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\vile 21xx\AppData\Local\ark.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\vile 21xx\AppData\Local\xpq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     
  6. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Vile 21XX at 17:27:26.56 on Sun 03/20/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.1738 [GMT -5:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\system32\igfxext.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\windows\system32\consent.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\Users\Vile 21XX\Desktop\dds.scr
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [(Default)]
    mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
    mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    mRun-x64: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    mRun-x64: [MRT] "C:\windows\system32\MRT.exe" /R
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys [2011-1-9 450608]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys [2011-1-9 802864]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-1-23 953904]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110204.001\IDSviA64.sys [2011-2-4 476792]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys [2011-1-9 171128]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys [2011-1-9 382072]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-2-6 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-2-6 269480]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-2-6 83120]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe [2011-1-9 130000]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-3 2320920]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-1-11 132656]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
    R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-10-3 35008]
    R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
    R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2010-10-3 877088]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-3 239136]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-3 51512]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-28 1255736]
    .
    =============== Created Last 30 ================
    .
    2011-03-20 20:22:59 -------- d-----w- C:\windows\System32\%LOCALAPPDATA%
    2011-03-20 04:10:09 -------- d-----w- C:\Users\VILE21~1\AppData\Local\ElevatedDiagnostics
    2011-03-19 01:42:31 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{6581C305-78E1-4EB3-BA01-184BD66CCFF7}\mpengine.dll
    2011-02-25 23:12:06 -------- d-----w- C:\PROGRA~3\McAfee Security Scan
    2011-02-25 23:12:03 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
    2011-02-23 18:45:20 367104 ----a-w- C:\windows\System32\wcncsvc.dll
    2011-02-23 18:45:20 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll
    2011-02-22 20:14:57 662528 ----a-w- C:\windows\System32\XpsPrint.dll
    2011-02-22 20:14:57 475648 ----a-w- C:\windows\System32\XpsGdiConverter.dll
    2011-02-22 20:14:57 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
    2011-02-22 20:14:57 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
    .
    ==================== Find3M ====================
    .
    2011-02-19 06:37:44 1135104 ----a-w- C:\windows\System32\FntCache.dll
    2011-02-19 06:37:10 1540608 ----a-w- C:\windows\System32\DWrite.dll
    2011-02-19 06:36:49 902656 ----a-w- C:\windows\System32\d2d1.dll
    2011-02-19 05:32:48 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
    2011-02-19 05:32:35 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
    2011-02-02 23:11:20 270720 ------w- C:\windows\System32\MpSigStub.exe
    2011-01-26 06:53:10 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\windows\System32\cdd.dll
    2011-01-13 13:02:44 174640 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
    2011-01-10 20:23:52 83120 ----a-w- C:\windows\System32\drivers\avgntflt.sys
    2011-01-07 08:06:50 46080 ----a-w- C:\windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\windows\SysWow64\atmfd.dll
    2011-01-05 06:20:30 612352 ----a-w- C:\windows\System32\vbscript.dll
    2011-01-05 05:37:33 428032 ----a-w- C:\windows\SysWow64\vbscript.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\windows\System32\win32k.sys
    2010-12-23 06:07:50 1118720 ----a-w- C:\windows\System32\sbe.dll
    2010-12-23 06:07:49 961024 ----a-w- C:\windows\System32\CPFilters.dll
    2010-12-23 06:07:49 723968 ----a-w- C:\windows\System32\EncDec.dll
    2010-12-23 06:02:33 259072 ----a-w- C:\windows\System32\mpg2splt.ax
    2010-12-23 05:28:29 850432 ----a-w- C:\windows\SysWow64\sbe.dll
    2010-12-23 05:28:28 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll
    2010-12-23 05:28:28 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
    2010-12-23 05:24:02 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax
    2010-12-21 06:16:27 97280 ----a-w- C:\windows\System32\wscsvc.dll
    2010-12-21 06:16:27 62976 ----a-w- C:\windows\System32\wscapi.dll
    2010-12-21 06:16:16 214016 ----a-w- C:\windows\System32\winsrv.dll
    2010-12-21 06:16:14 442880 ----a-w- C:\windows\System32\winhttp.dll
    2010-12-21 06:16:14 1197056 ----a-w- C:\windows\System32\wininet.dll
    2010-12-21 06:16:09 258048 ----a-w- C:\windows\System32\WebClnt.dll
    2010-12-21 06:15:55 264192 ----a-w- C:\windows\System32\upnp.dll
    2010-12-21 06:15:31 15360 ----a-w- C:\windows\System32\slwga.dll
    2010-12-21 06:13:03 2003968 ----a-w- C:\windows\System32\msxml6.dll
    2010-12-21 06:13:03 1880576 ----a-w- C:\windows\System32\msxml3.dll
    2010-12-21 06:10:22 100864 ----a-w- C:\windows\System32\davclnt.dll
    2010-12-21 05:38:24 51200 ----a-w- C:\windows\SysWow64\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- C:\windows\SysWow64\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- C:\windows\SysWow64\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- C:\windows\SysWow64\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- C:\windows\SysWow64\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- C:\windows\SysWow64\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- C:\windows\SysWow64\davclnt.dll
    2010-12-21 00:08:40 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 17:27:52.23 ===============
     
  7. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/19/2011 11:07:40 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2011 11:07:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/19/2011 11:07:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/19/2011 11:07:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/19/2011 11:07:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/19/2011 11:07:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/19/2011 11:07:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/19/2011 11:07:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    3/19/2011 11:07:12 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2011 11:07:12 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/19/2011 11:07:12 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2011 11:07:12 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2011 11:07:12 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2011 11:07:12 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2011 11:07:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/19/2011 11:07:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/19/2011 11:07:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/19/2011 11:07:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File =====================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Attach.txt log is incomplete.
    Please, repost.

    I still need GMER log.
     
  9. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/25/2010 10:19:36 AM
    System Uptime: 3/20/2011 4:57:53 PM (1 hours ago)
    .
    Motherboard: Intel Corp. | | Base Board Product Name
    Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | CPU | 1999/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 253.239 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP17: 1/29/2011 6:32:37 PM - Scheduled Checkpoint
    RP18: 2/8/2011 2:44:48 PM - Windows Update
    RP19: 2/9/2011 2:18:48 PM - Windows Update
    RP20: 2/11/2011 12:19:53 PM - Windows Update
    RP21: 2/15/2011 2:44:48 PM - Windows Update
    RP22: 2/18/2011 3:47:14 PM - Windows Update
    RP23: 2/22/2011 2:14:17 PM - Windows Update
    RP24: 2/23/2011 12:44:52 PM - Windows Update
    RP25: 2/25/2011 5:20:58 PM - Windows Update
    RP26: 3/1/2011 6:24:11 PM - Windows Update
    RP27: 3/4/2011 4:39:46 PM - Windows Update
    RP28: 3/8/2011 5:33:50 PM - Windows Update
    RP29: 3/9/2011 6:21:16 AM - Windows Update
    RP30: 3/13/2011 11:57:56 AM - Windows Update
    RP31: 3/18/2011 8:42:16 PM - Windows Update
    RP32: 3/20/2011 3:28:45 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Adobe Shockwave Player 11.5
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Avira AntiVir Personal - Free Antivirus
    Best Buy pc app
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    GameSpy Arcade
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 23
    Junk Mail filter update
    Label@Once 1.0
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Microsoft Choice Guard
    Microsoft Halo
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nexon Game Manager
    Norton Internet Security
    Pando Media Booster
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA Quality Application
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/19/2011 11:07:40 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2011 11:07:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/19/2011 11:07:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/19/2011 11:07:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/19/2011 11:07:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/19/2011 11:07:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/19/2011 11:07:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/19/2011 11:07:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    3/19/2011 11:07:12 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2011 11:07:12 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/19/2011 11:07:12 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2011 11:07:12 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2011 11:07:12 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2011 11:07:12 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/19/2011 11:07:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/19/2011 11:07:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/19/2011 11:07:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/19/2011 11:07:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
     
  10. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    I don't think I saved the gmer log, cant find it. should I run that again?
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please do.
     
  12. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    it says it hasnt found any system modifications. no log.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    OK.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Intel Corp.
    BIOS Manufacturer: INSYDE
    System Manufacturer: TOSHIBA
    System Product Name: Satellite L655
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 203):
    0x02A51000 \SystemRoot\system32\ntoskrnl.exe
    0x02A08000 \SystemRoot\system32\hal.dll
    0x00BA5000 \SystemRoot\system32\kdcom.dll
    0x00C32000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00C76000 \SystemRoot\system32\PSHED.dll
    0x00C8A000 \SystemRoot\system32\CLFS.SYS
    0x00CE8000 \SystemRoot\system32\CI.dll
    0x00E1C000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00EC0000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00ECF000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F26000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F2F000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F39000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00F6C000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F79000 \SystemRoot\System32\drivers\partmgr.sys
    0x00F8E000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00F97000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00FA3000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x0108C000 \SystemRoot\System32\drivers\volmgrx.sys
    0x010E8000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01102000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x01109000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x012DF000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x014E9000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x014F2000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x0151C000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x01527000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01532000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0157E000 \SystemRoot\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS
    0x01200000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01214000 \SystemRoot\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS
    0x01625000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01119000 \SystemRoot\System32\Drivers\msrpc.sys
    0x017C8000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01177000 \SystemRoot\System32\Drivers\cng.sys
    0x017E2000 \SystemRoot\System32\drivers\pcw.sys
    0x017F3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x018F4000 \SystemRoot\system32\drivers\ndis.sys
    0x01800000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01860000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01A00000 \SystemRoot\System32\drivers\tcpip.sys
    0x0188B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x018D5000 \SystemRoot\system32\DRIVERS\wd.sys
    0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x018DD000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    0x018E2000 \SystemRoot\System32\Drivers\spldr.sys
    0x0104C000 \SystemRoot\System32\drivers\rdyboost.sys
    0x019E6000 \SystemRoot\System32\Drivers\mup.sys
    0x018EA000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x00FB8000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01600000 \SystemRoot\system32\DRIVERS\disk.sys
    0x00DA8000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x040AF000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x040D9000 \SystemRoot\System32\Drivers\Null.SYS
    0x040E2000 \SystemRoot\System32\Drivers\Beep.SYS
    0x040E9000 \SystemRoot\System32\drivers\vga.sys
    0x040F7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x0411C000 \SystemRoot\System32\drivers\watchdog.sys
    0x0412C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x04135000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0413E000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x04147000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x04152000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x04163000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x04181000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03E00000 \SystemRoot\system32\drivers\afd.sys
    0x0418E000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x041D3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x00DD8000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x041DC000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x015EF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x011EA000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03C0A000 \SystemRoot\System32\Drivers\NISx64\1205000.07D\SYMNETS.SYS
    0x03C70000 \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS
    0x03CA6000 \SystemRoot\system32\drivers\NISx64\1205000.07D\Ironx64.SYS
    0x03CD3000 \SystemRoot\system32\drivers\NISx64\1205000.07D\SRTSPX64.SYS
    0x03CE9000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03D3A000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03D46000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03D51000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110204.001\IDSvia64.sys
    0x042EE000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    0x04364000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x04389000 \SystemRoot\System32\drivers\discache.sys
    0x04398000 \SystemRoot\System32\Drivers\dfsc.sys
    0x043B6000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x04200000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys
    0x043C7000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x03DCC000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x04A5E000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x0547D000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x05571000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x055B7000 \SystemRoot\system32\DRIVERS\HECIx64.sys
    0x055C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04A00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x055D9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x0466A000 \SystemRoot\system32\DRIVERS\rtl8192Ce.sys
    0x0475A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x04767000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
    0x0477C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x0479A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x047A9000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x047FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04600000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0460F000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    0x04619000 \SystemRoot\system32\DRIVERS\Impcd.sys
    0x04640000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x04656000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x0465B000 \SystemRoot\system32\DRIVERS\QIOMem.sys
    0x04A56000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
    0x043E9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x00C00000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x00C10000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x02E5B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x02E7F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x02E8B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x02EBA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x02ED5000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x02EF6000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x02F10000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x02F12000 \SystemRoot\system32\DRIVERS\ks.sys
    0x02F55000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x02F67000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x02FC1000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x0589D000 \SystemRoot\system32\drivers\CHDRT64.sys
    0x05950000 \SystemRoot\system32\drivers\portcls.sys
    0x0598D000 \SystemRoot\system32\drivers\drmk.sys
    0x059AF000 \SystemRoot\system32\drivers\ksthunk.sys
    0x00040000 \SystemRoot\System32\win32k.sys
    0x059B5000 \SystemRoot\System32\drivers\Dxapi.sys
    0x059C1000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x03E8A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x059CF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x0583D000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x005A0000 \SystemRoot\System32\TSDDD.dll
    0x00660000 \SystemRoot\System32\cdd.dll
    0x0584B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x05868000 \SystemRoot\system32\drivers\luafv.sys
    0x059E2000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x05800000 \SystemRoot\system32\drivers\WudfPf.sys
    0x05821000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x02FD6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x04094000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02A3B000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x02A69000 \SystemRoot\system32\DRIVERS\pgeffect.sys
    0x02A70000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x02A7A000 \SystemRoot\system32\drivers\HTTP.sys
    0x02B42000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02B60000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x02B78000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x02BA5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x05656000 \SystemRoot\system32\drivers\peauth.sys
    0x056FC000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x05707000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x05734000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x05746000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x05C9A000 \SystemRoot\System32\DRIVERS\srv.sys
    0x05DA1000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x05DAF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x05DC8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x05DD1000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x76E80000 \Windows\System32\ntdll.dll
    0x47D10000 \Windows\System32\smss.exe
    0xFF1A0000 \Windows\System32\apisetschema.dll
    0xFF680000 \Windows\System32\autochk.exe
    0xFF120000 \Windows\System32\gdi32.dll
    0xFF0A0000 \Windows\System32\shlwapi.dll
    0xFF000000 \Windows\System32\msvcrt.dll
    0x77050000 \Windows\System32\normaliz.dll
    0xFEF80000 \Windows\System32\difxapi.dll
    0xFED70000 \Windows\System32\ole32.dll
    0xFEC90000 \Windows\System32\advapi32.dll
    0xFEC40000 \Windows\System32\Wldap32.dll
    0xFEB10000 \Windows\System32\wininet.dll
    0xFEB00000 \Windows\System32\nsi.dll
    0xFEA30000 \Windows\System32\usp10.dll
    0xFE850000 \Windows\System32\setupapi.dll
    0xFE820000 \Windows\System32\imm32.dll
    0xFE800000 \Windows\System32\sechost.dll
    0xFE6F0000 \Windows\System32\msctf.dll
    0xFE5C0000 \Windows\System32\rpcrt4.dll
    0xFE520000 \Windows\System32\comdlg32.dll
    0x76D60000 \Windows\System32\kernel32.dll
    0xFE3A0000 \Windows\System32\urlmon.dll
    0x77040000 \Windows\System32\psapi.dll
    0x76C60000 \Windows\System32\user32.dll
    0xFE300000 \Windows\System32\clbcatq.dll
    0xFD570000 \Windows\System32\shell32.dll
    0xFD310000 \Windows\System32\iertutil.dll
    0xFD230000 \Windows\System32\oleaut32.dll
    0xFD210000 \Windows\System32\imagehlp.dll
    0xFD200000 \Windows\System32\lpk.dll
    0xFD1B0000 \Windows\System32\ws2_32.dll
    0xFD170000 \Windows\System32\wintrust.dll
    0xFD000000 \Windows\System32\crypt32.dll
    0xFCF90000 \Windows\System32\KernelBase.dll
    0xFCEF0000 \Windows\System32\comctl32.dll
    0xFCED0000 \Windows\System32\devobj.dll
    0xFCE90000 \Windows\System32\cfgmgr32.dll
    0xFCE80000 \Windows\System32\msasn1.dll
    0x75C70000 \Windows\SysWOW64\normaliz.dll

    Processes (total 74):
    0 System Idle Process
    4 System
    312 C:\Windows\System32\smss.exe
    416 csrss.exe
    480 C:\Windows\System32\wininit.exe
    492 csrss.exe
    528 C:\Windows\System32\services.exe
    552 C:\Windows\System32\lsass.exe
    560 C:\Windows\System32\lsm.exe
    656 C:\Windows\System32\svchost.exe
    756 C:\Windows\System32\svchost.exe
    812 C:\Windows\System32\svchost.exe
    848 C:\Windows\System32\svchost.exe
    872 C:\Windows\System32\svchost.exe
    948 C:\Windows\System32\winlogon.exe
    424 C:\Windows\System32\svchost.exe
    372 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\spoolsv.exe
    1296 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1320 C:\Windows\System32\svchost.exe
    1416 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1472 C:\Windows\System32\svchost.exe
    1524 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    1552 C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
    1616 C:\Windows\System32\TODDSrv.exe
    1648 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    1684 C:\Program Files\TOSHIBA\TECO\TecoService.exe
    1832 C:\Windows\System32\SearchIndexer.exe
    2072 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    2080 C:\Windows\System32\conhost.exe
    2064 C:\Windows\System32\taskhost.exe
    2232 C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
    1368 C:\Windows\System32\dwm.exe
    2788 C:\Windows\explorer.exe
    3144 C:\Windows\System32\igfxtray.exe
    3160 C:\Windows\System32\hkcmd.exe
    3172 C:\Windows\System32\igfxpers.exe
    3188 C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    3248 C:\Windows\System32\igfxsrvc.exe
    3304 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3320 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    3368 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    3432 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    3540 C:\Program Files\TOSHIBA\TECO\Teco.exe
    3616 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    3636 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    3700 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3820 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    3848 C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    3872 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3888 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3940 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3408 C:\Windows\System32\igfxext.exe
    3204 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1980 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    3712 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    4408 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    748 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    1140 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    920 C:\Windows\SysWOW64\notepad.exe
    1540 C:\Windows\SysWOW64\notepad.exe
    2332 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    5088 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3460 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
    540 WmiPrvSE.exe
    1916 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2828 C:\Windows\System32\SearchFilterHost.exe
    2292 C:\Windows\System32\audiodg.exe
    4636 C:\Windows\System32\taskeng.exe
    2380 C:\Windows\System32\SearchProtocolHost.exe
    3840 dllhost.exe
    3912 dllhost.exe
    4860 C:\Users\Vile 21XX\Desktop\MBRCheck.exe
    4912 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK3265GSXN, Rev: GH101M

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


    Done!
     
  15. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    ComboFix 11-03-19.04 - Vile 21XX 03/20/2011 18:40:41.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.1851 [GMT -5:00]
    Running from: c:\users\Vile 21XX\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-20 23:43 . 2011-03-20 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-20 23:38 . 2011-03-20 23:39 -------- d-----w- C:\32788R22FWJFW
    2011-03-20 20:22 . 2011-03-20 20:22 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
    2011-03-20 04:10 . 2011-03-20 04:10 -------- d-----w- c:\users\Vile 21XX\AppData\Local\ElevatedDiagnostics
    2011-03-19 01:42 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6581C305-78E1-4EB3-BA01-184BD66CCFF7}\mpengine.dll
    2011-02-25 23:12 . 2011-02-25 23:12 -------- d-----w- c:\programdata\McAfee
    2011-02-25 23:12 . 2011-02-25 23:12 -------- d-----w- c:\programdata\McAfee Security Scan
    2011-02-25 23:12 . 2011-03-01 00:14 -------- d-----w- c:\program files (x86)\McAfee Security Scan
    2011-02-23 18:45 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-23 18:45 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2011-02-22 20:14 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-22 20:14 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 20:14 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-02-22 20:14 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-02 23:11 . 2010-12-25 16:22 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-26 06:53 . 2011-02-08 20:47 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-26 06:53 . 2011-02-08 20:47 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-01-26 06:31 . 2011-02-08 20:47 144384 ----a-w- c:\windows\system32\cdd.dll
    2011-01-13 13:02 . 2011-01-08 16:25 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-01-10 20:23 . 2011-02-07 03:35 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-01-10 20:23 . 2011-02-07 03:35 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-07 08:06 . 2011-02-08 20:47 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 07:27 . 2011-02-08 20:47 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-07 05:49 . 2011-02-08 20:47 366080 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-07 05:33 . 2011-02-08 20:47 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-01-05 06:20 . 2011-02-08 20:47 612352 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 05:37 . 2011-02-08 20:47 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-01-05 04:00 . 2011-02-08 20:47 3127808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-21 06:16 . 2011-02-08 20:47 62976 ----a-w- c:\windows\system32\wscapi.dll
    2010-12-21 06:16 . 2011-02-08 20:47 97280 ----a-w- c:\windows\system32\wscsvc.dll
    2010-12-21 06:16 . 2011-02-08 20:47 214016 ----a-w- c:\windows\system32\winsrv.dll
    2010-12-21 06:16 . 2011-02-08 20:47 442880 ----a-w- c:\windows\system32\winhttp.dll
    2010-12-21 06:16 . 2011-02-08 20:47 1197056 ----a-w- c:\windows\system32\wininet.dll
    2010-12-21 06:16 . 2011-02-08 20:47 258048 ----a-w- c:\windows\system32\WebClnt.dll
    2010-12-21 06:15 . 2011-02-08 20:47 264192 ----a-w- c:\windows\system32\upnp.dll
    2010-12-21 06:15 . 2011-02-08 20:47 15360 ----a-w- c:\windows\system32\slwga.dll
    2010-12-21 06:13 . 2011-02-08 20:47 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2010-12-21 06:13 . 2011-02-08 20:47 1880576 ----a-w- c:\windows\system32\msxml3.dll
    2010-12-21 06:10 . 2011-02-08 20:47 100864 ----a-w- c:\windows\system32\davclnt.dll
    2010-12-21 05:38 . 2011-02-08 20:47 51200 ----a-w- c:\windows\SysWow64\wscapi.dll
    2010-12-21 05:38 . 2011-02-08 20:47 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2010-12-21 05:38 . 2011-02-08 20:47 350720 ----a-w- c:\windows\SysWow64\winhttp.dll
    2010-12-21 05:38 . 2011-02-08 20:47 204800 ----a-w- c:\windows\SysWow64\WebClnt.dll
    2010-12-21 05:38 . 2011-02-08 20:47 204288 ----a-w- c:\windows\SysWow64\upnp.dll
    2010-12-21 05:38 . 2011-02-08 20:47 14336 ----a-w- c:\windows\SysWow64\slwga.dll
    2010-12-21 05:36 . 2011-02-08 20:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2010-12-21 05:36 . 2011-02-08 20:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2010-12-21 05:34 . 2011-02-08 20:47 80384 ----a-w- c:\windows\SysWow64\davclnt.dll
    2010-12-21 00:09 . 2011-02-07 03:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-21 00:08 . 2011-02-07 03:39 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-10 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2010-11-23 953904]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110204.001\IDSvia64.sys [2010-11-09 476792]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1205000.07D\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-01-08 132656]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
    S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 02:09]
    .
    2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 02:09]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
    "MRT"="c:\windows\system32\MRT.exe" [2011-03-03 39946696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-(Default) - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
    HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-03-20 18:45:05
    ComboFix-quarantined-files.txt 2011-03-20 23:45
    .
    Pre-Run: 271,818,649,600 bytes free
    Post-Run: 271,336,607,744 bytes free
    .
    - - End Of File - - C328827FFCA559F51B035039961DD63C
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You're running two AV programs, Norton and Avira.
    One of them has to go.
    If Norton, use this tool to uninstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    ==========================================================================

    You can uninstall McAfee Security Scan, typical foistware.

    =======================================================================

    Combofix looks good now.
    How is computer doing?

    ======================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    Deleted Norton and Macafee. No more pop ups or hijacked home page. Running OTL as I type this on my home comp. Logs momentarily.
     
  18. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    OTL logfile created on: 3/20/2011 7:12:11 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Vile 21XX\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.29 Gb Total Space | 253.12 Gb Free Space | 88.42% Space Free | Partition Type: NTFS

    Computer Name: VILE21XX-PC | User Name: Vile 21XX | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/20 19:10:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Vile 21XX\Desktop\OTL.exe
    PRC - [2011/03/18 20:31:58 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/01/10 15:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/01/10 15:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/02/24 03:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/20 19:10:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Vile 21XX\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/02/25 21:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2011/03/18 20:31:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/01/10 15:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/01/10 15:23:53 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/01/10 15:23:52 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/07/29 07:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/02/27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/22 20:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/02/12 17:49:16 | 000,877,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
    DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4068341493-3767620481-2021566952-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
    IE - HKU\S-1-5-21-4068341493-3767620481-2021566952-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-4068341493-3767620481-2021566952-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSND&bmod=TSND
    IE - HKU\S-1-5-21-4068341493-3767620481-2021566952-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4068341493-3767620481-2021566952-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    [2011/01/15 22:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vile 21XX\AppData\Roaming\Mozilla\Extensions
    [2011/01/15 22:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vile 21XX\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com

    O1 HOSTS File: ([2011/03/20 18:43:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-4068341493-3767620481-2021566952-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4068341493-3767620481-2021566952-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4068341493-3767620481-2021566952-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\S-1-5-21-4068341493-3767620481-2021566952-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-4068341493-3767620481-2021566952-1000..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/20 19:10:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Vile 21XX\Desktop\OTL.exe
    [2011/03/20 19:03:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/20 18:45:07 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2011/03/20 18:40:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2011/03/20 18:40:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2011/03/20 18:40:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2011/03/20 18:39:59 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2011/03/20 18:38:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/20 18:38:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
    [2011/03/20 18:38:03 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/03/20 15:22:59 | 000,000,000 | ---D | C] -- C:\windows\SysNative\%LOCALAPPDATA%
    [2011/03/19 23:10:09 | 000,000,000 | ---D | C] -- C:\Users\Vile 21XX\AppData\Local\ElevatedDiagnostics
    [2011/02/25 18:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

    ========== Files - Modified Within 30 Days ==========

    [2011/03/20 19:10:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Vile 21XX\Desktop\OTL.exe
    [2011/03/20 19:10:03 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/20 19:10:03 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/20 19:07:02 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2011/03/20 19:07:02 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2011/03/20 19:07:02 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2011/03/20 19:03:56 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/20 19:02:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/03/20 19:02:42 | 2307,280,896 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/20 18:43:33 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2011/03/20 18:37:53 | 004,297,576 | R--- | M] () -- C:\Users\Vile 21XX\Desktop\ComboFix.exe
    [2011/03/20 18:35:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/20 18:34:16 | 000,080,384 | ---- | M] () -- C:\Users\Vile 21XX\Desktop\MBRCheck.exe
    [2011/03/20 17:27:23 | 000,625,664 | ---- | M] () -- C:\Users\Vile 21XX\Desktop\dds.scr
    [2011/03/20 17:03:08 | 000,301,568 | ---- | M] () -- C:\Users\Vile 21XX\Desktop\qc5n2qq5.exe
    [2011/03/20 16:26:36 | 000,009,442 | -HS- | M] () -- C:\Users\Vile 21XX\AppData\Local\8q1gjv45b1b2ny58w4voq16g4u2
    [2011/03/20 15:30:43 | 000,000,197 | ---- | M] () -- C:\windows\SysNative\MRT.INI
    [2011/03/19 23:07:43 | 000,009,356 | -HS- | M] () -- C:\ProgramData\8q1gjv45b1b2ny58w4voq16g4u2
    [2011/03/07 18:54:43 | 004,667,299 | ---- | M] () -- C:\Users\Vile 21XX\Documents\English Huck Finn Epilogue.rtf

    ========== Files Created - No Company Name ==========

    [2011/03/20 18:40:03 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
    [2011/03/20 18:40:03 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2011/03/20 18:40:03 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
    [2011/03/20 18:40:03 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2011/03/20 18:40:03 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2011/03/20 18:37:47 | 004,297,576 | R--- | C] () -- C:\Users\Vile 21XX\Desktop\ComboFix.exe
    [2011/03/20 18:34:15 | 000,080,384 | ---- | C] () -- C:\Users\Vile 21XX\Desktop\MBRCheck.exe
    [2011/03/20 17:27:14 | 000,625,664 | ---- | C] () -- C:\Users\Vile 21XX\Desktop\dds.scr
    [2011/03/20 17:02:17 | 000,301,568 | ---- | C] () -- C:\Users\Vile 21XX\Desktop\qc5n2qq5.exe
    [2011/03/20 15:30:43 | 000,000,197 | ---- | C] () -- C:\windows\SysNative\MRT.INI
    [2011/03/19 21:55:17 | 000,009,442 | -HS- | C] () -- C:\Users\Vile 21XX\AppData\Local\8q1gjv45b1b2ny58w4voq16g4u2
    [2011/03/19 21:55:17 | 000,009,356 | -HS- | C] () -- C:\ProgramData\8q1gjv45b1b2ny58w4voq16g4u2
    [2011/03/07 18:54:42 | 004,667,299 | ---- | C] () -- C:\Users\Vile 21XX\Documents\English Huck Finn Epilogue.rtf
    [2010/07/29 07:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
    [2010/07/29 07:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
    [2010/07/29 07:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
    [2010/07/29 06:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
    [2010/07/29 06:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/01/16 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\Vile 21XX\AppData\Roaming\IMVU
    [2011/01/16 12:49:46 | 000,000,000 | ---D | M] -- C:\Users\Vile 21XX\AppData\Roaming\IMVUClient
    [2011/01/16 12:52:14 | 000,000,000 | ---D | M] -- C:\Users\Vile 21XX\AppData\Roaming\Tific
    [2010/12/25 11:36:26 | 000,000,000 | ---D | M] -- C:\Users\Vile 21XX\AppData\Roaming\Toshiba
    [2010/12/25 11:20:08 | 000,000,000 | ---D | M] -- C:\Users\Vile 21XX\AppData\Roaming\WinBatch
    [2009/07/14 00:08:49 | 000,010,916 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/09/10 13:17:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/03/20 18:45:06 | 000,017,458 | ---- | M] () -- C:\ComboFix.txt
    [2011/03/20 19:02:42 | 2307,280,896 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/20 19:02:42 | 3076,374,528 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/03 22:09:21 | 000,000,047 | ---- | M] () -- C:\Status.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 02:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/12/25 11:21:50 | 000,000,221 | -HS- | M] () -- C:\Users\Vile 21XX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/20 18:37:53 | 004,297,576 | R--- | M] () -- C:\Users\Vile 21XX\Desktop\ComboFix.exe
    [2011/03/20 18:34:16 | 000,080,384 | ---- | M] () -- C:\Users\Vile 21XX\Desktop\MBRCheck.exe
    [2011/01/02 00:04:34 | 2278,765,886 | ---- | M] (Nexon) -- C:\Users\Vile 21XX\Desktop\MSSetupv94.exe
    [2011/03/20 19:10:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Vile 21XX\Desktop\OTL.exe
    [2011/03/20 17:03:08 | 000,301,568 | ---- | M] () -- C:\Users\Vile 21XX\Desktop\qc5n2qq5.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/12/28 15:41:09 | 000,000,402 | -HS- | M] () -- C:\Users\Vile 21XX\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/03/19 23:07:43 | 000,009,356 | -HS- | M] () -- C:\ProgramData\8q1gjv45b1b2ny58w4voq16g4u2

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >
     
  19. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    OTL Extras logfile created on: 3/20/2011 7:12:11 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Vile 21XX\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.29 Gb Total Space | 253.12 Gb Free Space | 88.42% Space Free | Partition Type: NTFS

    Computer Name: VILE21XX-PC | User Name: Vile 21XX | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
    "{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "GameSpy Arcade" = GameSpy Arcade
    "Google Chrome" = Google Chrome
    "Halo" = Microsoft Halo
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
    "InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4068341493-3767620481-2021566952-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "48e4cff94f039634" = Best Buy pc app
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/25/2010 7:16:03 PM | Computer Name = Vile21XX-PC | Source = Google Update | ID = 20
    Description =

    Error - 12/25/2010 8:14:05 PM | Computer Name = Vile21XX-PC | Source = Google Update | ID = 20
    Description =

    Error - 12/25/2010 8:16:03 PM | Computer Name = Vile21XX-PC | Source = Google Update | ID = 20
    Description =

    Error - 12/25/2010 9:14:05 PM | Computer Name = Vile21XX-PC | Source = Google Update | ID = 20
    Description =

    Error - 12/25/2010 9:16:03 PM | Computer Name = Vile21XX-PC | Source = Google Update | ID = 20
    Description =

    Error - 12/25/2010 10:14:05 PM | Computer Name = Vile21XX-PC | Source = Google Update | ID = 20
    Description =

    Error - 12/25/2010 10:16:03 PM | Computer Name = Vile21XX-PC | Source = Google Update | ID = 20
    Description =

    Error - 1/2/2011 3:31:44 AM | Computer Name = Vile21XX-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16700 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1628 Start
    Time: 01cbaa4e11f11dfb Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id: 52557857-1642-11e0-a94e-60eb692c95c9

    Error - 1/8/2011 1:04:17 AM | Computer Name = Vile21XX-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16700 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 10f8 Start
    Time: 01cbaece2fb68cef Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id: b8bdb4e3-1ae4-11e0-a94e-60eb692c95c9

    Error - 1/15/2011 10:41:12 AM | Computer Name = Vile21XX-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: TWebCamera.exe, version: 1.1.1.15, time
    stamp: 0x4b841370 Faulting module name: TWebCamera.exe, version: 1.1.1.15, time
    stamp: 0x4b841370 Exception code: 0xc0000005 Fault offset: 0x0000f477 Faulting process
    id: 0xe48 Faulting application start time: 0x01cbb4c23fcaf9ed Faulting application
    path: C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    Faulting
    module path: C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    Report
    Id: 7f10f17c-20b5-11e0-ac90-60eb692c95c9

    [ System Events ]
    Error - 1/16/2011 2:12:26 PM | Computer Name = Vile21XX-PC | Source = Service Control Manager | ID = 7000
    Description = The Symantec Real Time Storage Protection x64 service failed to start
    due to the following error: %%31

    Error - 1/16/2011 2:12:26 PM | Computer Name = Vile21XX-PC | Source = SRTSP | ID = 524292
    Description =

    Error - 1/16/2011 2:12:26 PM | Computer Name = Vile21XX-PC | Source = SRTSP | ID = 524293
    Description =

    Error - 1/16/2011 2:12:26 PM | Computer Name = Vile21XX-PC | Source = Service Control Manager | ID = 7000
    Description = The Symantec Real Time Storage Protection x64 service failed to start
    due to the following error: %%31

    Error - 1/16/2011 3:51:41 PM | Computer Name = Vile21XX-PC | Source = bowser | ID = 8003
    Description =

    Error - 1/16/2011 4:15:43 PM | Computer Name = Vile21XX-PC | Source = bowser | ID = 8003
    Description =

    Error - 1/19/2011 8:33:32 PM | Computer Name = Vile21XX-PC | Source = Service Control Manager | ID = 7024
    Description = The Windows Firewall service terminated with service-specific error
    %%5.

    Error - 1/23/2011 3:07:45 PM | Computer Name = Vile21XX-PC | Source = DCOM | ID = 10010
    Description =

    Error - 2/6/2011 10:02:55 PM | Computer Name = Vile21XX-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Browser service.

    Error - 2/6/2011 11:36:07 PM | Computer Name = Vile21XX-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for Start with the following error:
    %%5


    < End of report >
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good news :)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-4068341493-3767620481-2021566952-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2011/02/25 18:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
      [2011/03/20 16:26:36 | 000,009,442 | -HS- | M] () -- C:\Users\Vile 21XX\AppData\Local\8q1gjv45b1b2ny58w4voq16g4u2
      [2011/03/19 23:07:43 | 000,009,356 | -HS- | M] () -- C:\ProgramData\8q1gjv45b1b2ny58w4voq16g4u2
      @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  21. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-4068341493-3767620481-2021566952-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\ProgramData\McAfee\MCLOGS\SecurityScanner\McUICnt folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\SecurityScanner folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\PartnerCustom\SSScheduler folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\PartnerCustom\SecurityScan_Release folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\PartnerCustom\McUICnt folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\PartnerCustom\McCHSvc folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\PartnerCustom folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\McUICnt\McUICnt folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\McUICnt folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\Common\MsiExec folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\Common\McCHSvc folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\Common folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS folder moved successfully.
    C:\ProgramData\McAfee folder moved successfully.
    C:\Users\Vile 21XX\AppData\Local\8q1gjv45b1b2ny58w4voq16g4u2 moved successfully.
    C:\ProgramData\8q1gjv45b1b2ny58w4voq16g4u2 moved successfully.
    ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
    ========== COMMANDS ==========
     
  22. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9.3
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
  23. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    no threats on escan.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    =======================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  25. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Vile 21XX
    ->Temp folder emptied: 1526688 bytes
    ->Temporary Internet Files folder emptied: 11174295 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 12.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Vile 21XX
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.22.3 log created on 03202011_202502

    Files\Folders moved on Reboot...
    C:\Users\Vile 21XX\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Vile 21XX\AppData\Local\Temp\~DF033354109F946665.TMP not found!
    File\Folder C:\Users\Vile 21XX\AppData\Local\Temp\~DF07C4E8F5A2DFA06A.TMP not found!
    File\Folder C:\Users\Vile 21XX\AppData\Local\Temp\~DF296196CF8D87113B.TMP not found!
    File\Folder C:\Users\Vile 21XX\AppData\Local\Temp\~DF2AFCF56376BCB652.TMP not found!
    File\Folder C:\Users\Vile 21XX\AppData\Local\Temp\~DF39C2C01F279F989D.TMP not found!
    File\Folder C:\Users\Vile 21XX\AppData\Local\Temp\~DF4E9CC64A6014732A.TMP not found!
    File\Folder C:\Users\Vile 21XX\AppData\Local\Temp\~DFC75015C0348A0178.TMP not found!
    File\Folder C:\Users\Vile 21XX\AppData\Local\Temp\~DFFE0AB820138C5B3D.TMP not found!
    C:\Users\Vile 21XX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWTSQSZG\crosspixel-dest[1].htm moved successfully.
    C:\Users\Vile 21XX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IZX0Y65\sh35[1].html moved successfully.
    C:\Users\Vile 21XX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IZX0Y65\topic162706-2[1].html moved successfully.
    C:\Users\Vile 21XX\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...