Solved Random very frequent internet disconnects

Status
Not open for further replies.
R

rss00

Posts: 14   +0
I believe I caught a virus. Two other computers on the same WIFI do not randomly disconnect from the internet. HJK is attached. Thanks.
 

Attachments

  • hijackthis.log
    10.4 KB · Views: 0
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
random disconnects from internet

I appreciate the response to my post. I didn't get the chance to explain further when I posted because my computer kept getting "kicked Off." What originally happened was that a virus/trojan attached to me while in England. The kind that requests you to go to a websight to remove viruses. Bit by bit more things started happening that disabled any computer functions. Windows would pop up warning me about slow and inoperable resources and programs and data files would disappear. I made to mistake of doing a restore before getting rid of it but eventually eliminated it. (It made its way through Adaware and Norton antivirus that I keep active.) After getting through all this, to the point where the computer seemed to work OK, it appeared that googling often took me to "sales" sites. I could only get to other web sites by pasting the url in the address line...clicking on it through google would redirect me to some sales site.

Anyway, after returning home (back to the USA) I did a system recover from a Ghost backup I made before going to England. However, this left me with what appears to be frequent "redirections" to sales sites and very frequently being kicked out of the internet...usually within about 3 - 5 minutes.

From the advice on this forum I have run Malwarebytes, GMER, and tried to run DDS but it hangs up with the progress indicators getting as far as the "t" under the word "it" from the previous line printed before the progress line started. It hangs there and completely locks up the computer...ctrl/alt/del doesn't work...I have to power down. Here, at least are the results of Malwarebytes and GMER. I have also scanned with norton and Adaware.

The Malwarebytes show an older version but I downloaded program and data updates before running.

Thanks for the help.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7417

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/9/2011 8:50:57 AM
mbam-log-2011-08-09 (08-50-57).txt

Scan type: Quick scan
Objects scanned: 180967
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-09 13:56:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060BH rev.00000025
Running: gxx2xldn.exe; Driver: C:\DOCUME~1\RSSTUM~1\LOCALS~1\Temp\pwldyfob.sys


---- System - GMER 1.0.15 ----

SSDT 8A088760 ZwConnectPort
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x9E46F350]
SSDT 89C81698 ZwQueryValueKey
SSDT 89C39AE8 ZwResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x9E46F580]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 384 804E29F0 4 Bytes CALL 9AD7ED8F
.text KDCOM.DLL!KdSendPacket F7987345 6 Bytes [FA, 8D, 46, 01, 25, FF]
.text KDCOM.DLL!KdSendPacket F798734D 5 Bytes [80, 79, 07, 48, 0D]
.text KDCOM.DLL!KdSendPacket F7987353 29 Bytes [FF, FF, FF, 40, 0F, B6, F0, ...]
.text KDCOM.DLL!KdSendPacket F7987371 28 Bytes [FF, FF, FF, 42, 0F, B6, FA, ...]
.text KDCOM.DLL!KdD0Transition + 8 F798738E 17 Bytes [08, 03, 55, F8, 03, D8, 81, ...]
.text KDCOM.DLL!KdD0Transition + 1A F79873A0 42 Bytes [FF, FF, FF, 43, 0F, B6, C3, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 25 F79873CB 6 Bytes [00, C9, C2, 08, 00, 55] {ADD CL, CL; RET 0x8; PUSH EBP}
.text KDCOM.DLL!KdDebuggerInitialize0 + 2C F79873D2 23 Bytes [EC, 83, C8, FF, 83, 7D, 08, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 44 F79873EA 162 Bytes [42, 5E, F6, C1, 01, 74, 0A, ...]
.text KDCOM.DLL!KdRestore + 2D F798748D 1 Byte [43]
.text KDCOM.DLL!KdRestore + 2D F798748D 77 Bytes [43, 08, 89, 45, FC, 8B, 55, ...]
.text KDCOM.DLL!KdRestore + 7C F79874DC 25 Bytes [C9, C2, 08, 00, 55, 8B, EC, ...]
.text KDCOM.DLL!KdRestore + 97 F79874F7 21 Bytes [89, 06, 89, 46, 08, 89, 46, ...]
.text KDCOM.DLL!KdRestore + AD F798750D 241 Bytes CALL F798746D \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
.text ...
PAGEKD KDCOM.DLL!KdReceivePacket + 2 F7987F4E 205 Bytes [F0, 8D, 45, FC, 50, 53, 56, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + D0 F798801C 2 Bytes [75, 0E] {JNZ 0x10}
PAGEKD KDCOM.DLL!KdReceivePacket + D3 F798801F 1 Byte [C0]
PAGEKD KDCOM.DLL!KdReceivePacket + D3 F798801F 103 Bytes [C0, 02, 83, C2, 02, 84, DB, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + 13B F7988087 131 Bytes [7D, 0C, B8, 4D, 5A, 00, 00, ...]
PAGEKD ...
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB9947EBF]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00F5000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00F1000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00F4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F0000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B4692A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B46B35
.text C:\WINDOWS\system32\SearchIndexer.exe[2056] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\program files\real\realplayer\update\realsched.exe[2620] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2840] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2840] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2840] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2840] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2840] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2840] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2840] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2840] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2840] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2840] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B4692A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2840] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B46B35

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdD0Transition] [F79875DF] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdD3Transition] [F79875E9] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdRestore] [F7987619] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdReceivePacket] [F798760D] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize0] [F79875F3] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdSave] [F7987625] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize1] [F79875FF] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdSendPacket] [F7987631] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\hal.dll[KDCOM.dll!KdRestore] [F7987619] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!WRITE_REGISTER_UCHAR] 6C6C642E
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!READ_REGISTER_UCHAR] 8B550000
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!HalPrivateDispatchTable] 835151EC
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!KeFindConfigurationEntry] 8300F865
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!InbvDisplayString] 8A000C7D
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!KdDebuggerNotPresent] 00010081
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!_strupr] 01918A00
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!strstr] 0F000001
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!MmMapIoSpace] 00008386
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!atol] 57565300
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!READ_PORT_UCHAR] 736F746E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!WRITE_PORT_UCHAR] 6C6E726B
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalQueryRealTimeClock] 6578652E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalInitSystem] 00000000
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!KdComPortInUse] 2E6C6168

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.15 ----

Thread System [4:108] 8A2700B3
Thread System [4:120] 8A2717FB

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 387532

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\rs stump\Cookies\rs_stump@wtp101[1].txt 1199 bytes
File C:\Documents and Settings\rs stump\Local Settings\Temporary Internet Files\Content.IE5\HRNFCHM1\crossdomain[1].xml 258 bytes
File C:\Documents and Settings\rs stump\Local Settings\Temporary Internet Files\Content.IE5\NX3MW6XL\xd_receiver[4].htm 591 bytes

---- EOF - GMER 1.0.15 ----
 
Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Random vert freqent disconnects from internet

Thanks again for your help. Below is the results of TDSkiller.

2011/08/10 07:38:41.0467 4724 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/10 07:38:43.0400 4724 ================================================================================
2011/08/10 07:38:43.0400 4724 SystemInfo:
2011/08/10 07:38:43.0400 4724
2011/08/10 07:38:43.0400 4724 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/10 07:38:43.0400 4724 Product type: Workstation
2011/08/10 07:38:43.0400 4724 ComputerName: TOSHIBA-USER
2011/08/10 07:38:43.0400 4724 UserName: rs stump
2011/08/10 07:38:43.0400 4724 Windows directory: C:\WINDOWS
2011/08/10 07:38:43.0400 4724 System windows directory: C:\WINDOWS
2011/08/10 07:38:43.0400 4724 Processor architecture: Intel x86
2011/08/10 07:38:43.0400 4724 Number of processors: 1
2011/08/10 07:38:43.0400 4724 Page size: 0x1000
2011/08/10 07:38:43.0400 4724 Boot type: Normal boot
2011/08/10 07:38:43.0400 4724 ================================================================================
2011/08/10 07:38:45.0172 4724 Initialize success
2011/08/10 07:38:50.0791 3200 ================================================================================
2011/08/10 07:38:50.0791 3200 Scan started
2011/08/10 07:38:50.0791 3200 Mode: Manual;
2011/08/10 07:38:50.0791 3200 ================================================================================
2011/08/10 07:38:51.0772 3200 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/10 07:38:51.0812 3200 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/10 07:38:51.0862 3200 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/10 07:38:51.0932 3200 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/08/10 07:38:52.0002 3200 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/10 07:38:52.0122 3200 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/08/10 07:38:52.0513 3200 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/10 07:38:52.0653 3200 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/10 07:38:52.0713 3200 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/10 07:38:52.0783 3200 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/10 07:38:52.0813 3200 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/10 07:38:52.0884 3200 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/10 07:38:52.0944 3200 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/10 07:38:53.0044 3200 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/10 07:38:53.0064 3200 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/10 07:38:53.0134 3200 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/10 07:38:53.0384 3200 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/10 07:38:53.0454 3200 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/10 07:38:53.0534 3200 d8a4fef9-85c1-448f-a6f9-2570fb195020 (7f109ab3e0251d73dcb56130bab7826e) C:\WINDOWS\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys
2011/08/10 07:38:53.0635 3200 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/10 07:38:53.0705 3200 DLABOIOM (efae981c8ba3dad4103a76bcb5955b07) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/08/10 07:38:53.0735 3200 DLACDBHM (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/08/10 07:38:53.0765 3200 DLADResN (3e34a0991efdaf8cfa97441c3a51fc81) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/08/10 07:38:53.0815 3200 DLAIFS_M (2aef49904bde7398d0f09b6a603738ef) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/08/10 07:38:53.0855 3200 DLAOPIOM (46fa268a829384256179f4ccb6eb308f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/08/10 07:38:53.0925 3200 DLAPoolM (26e89839af248625a4e7c4cf5873375d) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/08/10 07:38:54.0055 3200 DLARTL_N (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/08/10 07:38:54.0075 3200 DLAUDFAM (5e914bd7f68dde3fb4bffe005162c1e6) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/08/10 07:38:54.0125 3200 DLAUDF_M (8c3cfb22a7fb3be67e0c321fa10b8b50) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/08/10 07:38:54.0215 3200 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/10 07:38:54.0336 3200 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/10 07:38:54.0376 3200 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/10 07:38:54.0416 3200 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/10 07:38:54.0476 3200 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/10 07:38:54.0586 3200 DRVMCDB (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/08/10 07:38:54.0726 3200 DRVNDDM (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/08/10 07:38:54.0886 3200 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/08/10 07:38:54.0957 3200 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/08/10 07:38:55.0157 3200 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/10 07:38:55.0287 3200 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/10 07:38:55.0337 3200 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/10 07:38:55.0387 3200 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/10 07:38:55.0447 3200 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/10 07:38:55.0497 3200 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/10 07:38:55.0547 3200 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/10 07:38:55.0688 3200 GEARAspiWDM (f877c945233039914dbe63b76f9a1065) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/10 07:38:55.0738 3200 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/10 07:38:55.0848 3200 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/10 07:38:55.0978 3200 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/10 07:38:56.0008 3200 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/10 07:38:56.0048 3200 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/10 07:38:56.0138 3200 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/10 07:38:56.0298 3200 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/10 07:38:56.0389 3200 ialm (4007984827e19e6a5b6faf8532eaefba) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/10 07:38:56.0569 3200 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/10 07:38:56.0879 3200 IntcAzAudAddService (1a5b97b5bffde5742f4209f734c4faf0) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/10 07:38:57.0180 3200 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/10 07:38:57.0210 3200 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/10 07:38:57.0290 3200 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/10 07:38:57.0380 3200 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/10 07:38:57.0450 3200 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/10 07:38:57.0540 3200 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/10 07:38:57.0580 3200 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/10 07:38:57.0620 3200 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/10 07:38:57.0650 3200 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/10 07:38:57.0690 3200 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/08/10 07:38:57.0811 3200 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
2011/08/10 07:38:57.0931 3200 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/10 07:38:57.0991 3200 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/10 07:38:58.0041 3200 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
2011/08/10 07:38:58.0091 3200 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/10 07:38:58.0181 3200 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/08/10 07:38:58.0291 3200 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/08/10 07:38:58.0391 3200 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/10 07:38:58.0512 3200 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
2011/08/10 07:38:58.0582 3200 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/10 07:38:58.0652 3200 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/10 07:38:58.0712 3200 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/10 07:38:58.0772 3200 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/10 07:38:58.0872 3200 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/10 07:38:59.0012 3200 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/10 07:38:59.0102 3200 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/10 07:38:59.0153 3200 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/10 07:38:59.0213 3200 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/10 07:38:59.0293 3200 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/10 07:38:59.0323 3200 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/10 07:38:59.0363 3200 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/10 07:38:59.0453 3200 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/10 07:38:59.0633 3200 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110808.003\naveng.sys
2011/08/10 07:38:59.0753 3200 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110808.003\navex15.sys
2011/08/10 07:38:59.0984 3200 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/10 07:39:00.0084 3200 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/10 07:39:00.0124 3200 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/10 07:39:00.0164 3200 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/10 07:39:00.0204 3200 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/10 07:39:00.0244 3200 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/10 07:39:00.0274 3200 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/10 07:39:00.0324 3200 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/08/10 07:39:00.0464 3200 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/10 07:39:00.0525 3200 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/10 07:39:00.0585 3200 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/10 07:39:00.0685 3200 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/10 07:39:00.0765 3200 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/10 07:39:00.0805 3200 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/10 07:39:00.0835 3200 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/10 07:39:00.0875 3200 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/10 07:39:00.0895 3200 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/10 07:39:00.0945 3200 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/10 07:39:00.0965 3200 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/10 07:39:01.0025 3200 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/10 07:39:01.0045 3200 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/10 07:39:01.0246 3200 Pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
2011/08/10 07:39:01.0366 3200 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/10 07:39:01.0396 3200 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/10 07:39:01.0436 3200 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/10 07:39:01.0476 3200 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/10 07:39:01.0716 3200 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/10 07:39:01.0796 3200 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/10 07:39:01.0836 3200 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/10 07:39:01.0856 3200 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/10 07:39:01.0907 3200 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/10 07:39:01.0987 3200 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/10 07:39:02.0047 3200 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/10 07:39:02.0107 3200 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/10 07:39:02.0207 3200 s24trans (9c40cb317400f2cf643b8706147dd06d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/08/10 07:39:02.0357 3200 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) c:\Program Files\Symantec AntiVirus\savrt.sys
2011/08/10 07:39:02.0417 3200 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) c:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/08/10 07:39:02.0567 3200 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/08/10 07:39:02.0698 3200 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/10 07:39:02.0788 3200 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/10 07:39:02.0848 3200 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/08/10 07:39:02.0878 3200 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/08/10 07:39:02.0908 3200 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/08/10 07:39:03.0128 3200 SPBBCDrv (ef9760a364d836a0ce6149ebdf71524d) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/08/10 07:39:03.0168 3200 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/10 07:39:03.0238 3200 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/10 07:39:03.0319 3200 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/10 07:39:03.0409 3200 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/08/10 07:39:03.0539 3200 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/10 07:39:03.0589 3200 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/10 07:39:03.0729 3200 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/08/10 07:39:03.0769 3200 SYMREDRV (7de45dfebb51e56d7c795bd0c2d7aef5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/08/10 07:39:03.0819 3200 symsnap (4b016fa3594b04506b9246d8e3eb0b66) C:\WINDOWS\system32\DRIVERS\symsnap.sys
2011/08/10 07:39:03.0869 3200 SYMTDI (e1444c6095d67ca4ef6ba192cf7fa91a) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/08/10 07:39:04.0030 3200 SynTP (cfb41bf11ae95c26133bae3ec2e334bd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/08/10 07:39:04.0210 3200 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/10 07:39:04.0260 3200 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
2011/08/10 07:39:04.0340 3200 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/10 07:39:04.0410 3200 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/10 07:39:04.0430 3200 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/10 07:39:04.0480 3200 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
2011/08/10 07:39:04.0530 3200 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/10 07:39:04.0610 3200 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
2011/08/10 07:39:04.0761 3200 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
2011/08/10 07:39:04.0821 3200 tosporte (0f89321a4bc43cd2641153b262c9338c) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/08/10 07:39:04.0881 3200 Tosrfbd (9584b102a0a0528090916c7e88b39f21) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2011/08/10 07:39:04.0891 3200 Tosrfbnp (ce63e991e7f638a16c6aaecf59648c71) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/08/10 07:39:04.0951 3200 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/08/10 07:39:04.0991 3200 tosrfec (cc42fdbe9760ca1639e23158ab995f98) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2011/08/10 07:39:05.0011 3200 Tosrfhid (ad5766254a25de9f4d6d311153e4d447) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/08/10 07:39:05.0051 3200 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/08/10 07:39:05.0101 3200 TosRfSnd (b5518adb2b0029ff95d22e8e7336f49f) C:\WINDOWS\system32\drivers\TosRfSnd.sys
2011/08/10 07:39:05.0131 3200 Tosrfusb (d537b63c0c70629ace62192cd2ae6429) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2011/08/10 07:39:05.0171 3200 TVALD (c51bfed6c2d9d6512e346f25d92ad8d9) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2011/08/10 07:39:05.0201 3200 Tvs (12c836c7fe526d7b3239af82e4083be2) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2011/08/10 07:39:05.0271 3200 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/10 07:39:05.0361 3200 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/10 07:39:05.0432 3200 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/10 07:39:05.0482 3200 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/10 07:39:05.0642 3200 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/10 07:39:05.0662 3200 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/10 07:39:05.0702 3200 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/10 07:39:05.0752 3200 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/10 07:39:05.0782 3200 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/10 07:39:05.0842 3200 v2imount (16662738e1ab857fb91ed2d4065440b0) C:\WINDOWS\system32\DRIVERS\v2imount.sys
2011/08/10 07:39:05.0872 3200 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/10 07:39:05.0932 3200 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/10 07:39:05.0972 3200 VProEventMonitor (e14b7ae35be1e97830d42ec191d0dea2) C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys
2011/08/10 07:39:06.0173 3200 w29n51 (adb2f5af36155c9f1fbfd66a3acacbe6) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/08/10 07:39:06.0413 3200 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/10 07:39:06.0583 3200 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/08/10 07:39:06.0643 3200 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/10 07:39:06.0713 3200 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
2011/08/10 07:39:06.0874 3200 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/08/10 07:39:06.0974 3200 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/10 07:39:07.0004 3200 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/10 07:39:07.0074 3200 yukonwxp (7d1def979b4e536e12882ee84f7c719a) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/08/10 07:39:07.0144 3200 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/08/10 07:39:07.0154 3200 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/08/10 07:39:07.0164 3200 Boot (0x1200) (a58851bde76465b7297a8ece4a27bb9f) \Device\Harddisk0\DR0\Partition0
2011/08/10 07:39:07.0174 3200 ================================================================================
2011/08/10 07:39:07.0174 3200 Scan finished
2011/08/10 07:39:07.0174 3200 ================================================================================
2011/08/10 07:39:07.0194 0696 Detected object count: 1
2011/08/10 07:39:07.0194 0696 Actual detected object count: 1
2011/08/10 07:39:28.0515 0696 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/08/10 07:39:28.0515 0696 \Device\Harddisk0\DR0 - ok
2011/08/10 07:39:28.0515 0696 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/10 07:39:36.0767 1132 Deinitialize success
 
Good :)

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
Broni - Thanks for your continued help. Here is the latest from RKUnhooker. BTW, after the last post - running TDS - My computer has been staying on-line.

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xA95C0000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4190208 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xB9D52000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 3289088 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA7542000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110808.003\navex15.sys 1572864 bytes (Symantec Corporation, AV Engine)
0xA9489000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1126400 bytes (Agere Systems, SoftModem Device Driver)
0xBA0D5000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1052672 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF073000 C:\WINDOWS\System32\ialmdd5.DLL 909312 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA8F43000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA8FDE000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 401408 bytes (Symantec Corporation, SPBBC Driver)
0xA8EE5000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB9B47000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA9189000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9431000 c:\Program Files\Symantec AntiVirus\savrt.sys 360448 bytes (Symantec Corporation, AutoProtect)
0xA80C6000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF151000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA782D000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9C7D000 C:\WINDOWS\system32\DRIVERS\iwca.sys 249856 bytes (Intel Corporation, Intel Wireless Connection Agent)
0xA9150000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 233472 bytes (Symantec Corporation, Network Dispatch Driver)
0xB9CDD000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 233472 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF7470000 KR10N.sys 204800 bytes (TOSHIBA CORPORATION, TOSHIBA RAID Driver)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 200704 bytes (Intel Corporation, Component GHAL Driver)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA86AB000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7A22000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA8FB3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBA099000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA9102000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9D2A000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0xA912A000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA959C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xBA075000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9CBA000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA9040000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xA940F000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 139264 bytes (Symantec Corporation, Symantec Event Library)
0xF7850000 symsnap.sys 135168 bytes (StorageCraft, StorageCraft Volume Snap-Shot)
0xF7438000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74BA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA8EC7000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xF74D9000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF795A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA9206000 C:\WINDOWS\System32\Drivers\meiudf.sys 102400 bytes (Matsushita Electric Industrial Co.,Ltd., DVD-RAM UDF File System Driver)
0xF74A2000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA8E87000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7458000 C:\WINDOWS\system32\drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xA8CB6000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 94208 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7839000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9C06000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8D1D000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA8CA0000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7871000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA8646000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA752E000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110808.003\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xA93FB000 c:\Program Files\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL)
0xB9D16000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xBA0C1000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EF000 ACPI_HAL 81152 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xA91E2000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7974000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9BF5000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA91F5000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xA7DA6000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7507000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7697000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7607000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7887000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF76F7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7667000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF74F7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB9AB7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7428000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7617000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7657000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7527000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA6E7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA757000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7517000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA6D7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7587000 C:\WINDOWS\system32\DRIVERS\Tvs.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Audio Filter Driver)
0xB9AA7000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF76D7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xA7702000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 40960 bytes (Symantec Corporation, Redirector Filter Driver)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA9062000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7577000 C:\WINDOWS\system32\DRIVERS\csiidecoder_kern_i386.sys 36864 bytes (-, SRS Labs CSII Decoder Kernel DLL)
0xF7647000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7537000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA767000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7418000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF777F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF77F7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7767000 C:\WINDOWS\system32\DRIVERS\tsxt_kern_i386.sys 32768 bytes (-, SRS Labs TruSurround XT kernel DLL)
0xF7797000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB9BDD000 C:\WINDOWS\system32\DRIVERS\v2imount.sys 32768 bytes (Symantec Corporation, V2iMount.sys - Image Mounting Device Driver)
0xF781F000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF77BF000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF775F000 C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys 28672 bytes (TeamViewer GmbH, TeamViewerVPN Network Adapter)
0xF7777000 C:\WINDOWS\system32\DRIVERS\wowhd_kern_i386.sys 28672 bytes (SRS Labs, Inc., WOW HD kernel mode DLL for Windows)
0xF77DF000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF77B7000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xF779F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77A7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77AF000 C:\WINDOWS\system32\drivers\pfc.sys 24576 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xF778F000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF77D7000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77E7000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF774F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7717000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7757000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7747000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7807000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA8D53000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF789F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7947000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA8E6B000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA7E0000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA8C90000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF78A3000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB9A9B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA7E8000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA8C8C000 C:\WINDOWS\system32\DRIVERS\netdevio.sys 12288 bytes (TOSHIBA Corporation., Network Device Usermode I/O protocol)
0xBA790000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA8D4F000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xBA7DC000 C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys 12288 bytes
0xF79B7000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79A1000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF79C9000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF79C3000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79B5000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79B9000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79A7000 C:\WINDOWS\system32\DRIVERS\NBSMI.sys 8192 bytes (Toshiba Corporation, Toshiba Notebook PC SMI Driver)
0xF79BB000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xA8E7B000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF79A5000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF799F000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7AB2000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7A70000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7A7B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A5B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A50000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7AB0000 C:\WINDOWS\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys 4096 bytes (Systems Internals, Windows NT File System Monitor)
==============================================
>Stealth
==============================================


Nothing detected :(
 
Random very frequent disconnects from internet

Still cannot run DDS, however, it takes about 50 seconds (versus about 5 minutes) to get to the same point as before where it hung up before running TDS.

Thanks.
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Random very frequent disconnects from internet

Successfully ran aswMBR...log attached.

ComboFix would not run. It would hang up about 30 seconds after the scan started. It would hang with a normal boot and in "safe mode". There would be about 30 seconds of disk activity after the message indicating it should take about 10 minutes. I let it go 30 minutes before trying to recover. Only way to recover was to power down.

Rkill ran and log is pasted below aswMBR log.

Thanks.

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-12 08:53:28
-----------------------------
08:53:28.972 OS Version: Windows 5.1.2600 Service Pack 3
08:53:28.972 Number of processors: 1 586 0xD08
08:53:28.982 ComputerName: TOSHIBA-USER UserName: rs stump
08:53:29.463 Initialize success
09:01:36.934 AVAST engine defs: 11081200
09:02:13.126 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:02:13.136 Disk 0 Vendor: FUJITSU_MHV2060BH 00000025 Size: 57231MB BusType: 3
09:02:15.159 Disk 0 MBR read successfully
09:02:15.159 Disk 0 MBR scan
09:02:15.219 Disk 0 Windows XP default MBR code
09:02:15.219 Disk 0 scanning sectors +117210240
09:02:15.269 Disk 0 scanning C:\WINDOWS\system32\drivers
09:02:27.446 Service scanning
09:02:28.528 Modules scanning
09:02:36.489 Disk 0 trace - called modules:
09:02:36.529 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:02:36.529 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a254ab8]
09:02:36.539 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008c[0x8a23cf18]
09:02:36.940 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a276940]
09:02:37.150 AVAST engine scan C:\WINDOWS
09:02:48.597 AVAST engine scan C:\WINDOWS\system32
09:04:38.505 AVAST engine scan C:\WINDOWS\system32\drivers
09:04:55.820 AVAST engine scan C:\Documents and Settings\rs stump
09:10:26.736 AVAST engine scan C:\Documents and Settings\All Users
09:12:00.891 Scan finished successfully
09:12:53.997 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\rs stump\Desktop\MBR.dat"
09:12:54.017 The log file has been saved successfully to "C:\Documents and Settings\rs stump\Desktop\aswMBR.txt"

-------------------------------------------------------------------------------------

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 08/12/2011 at 11:39:15.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\SYMANT~2\VPTray.exe


Rkill completed on 08/12/2011 at 11:39:19.
 
Random very frequent disconnects from internet

I downloaded "broni_1" but it will not install. I get an error message:

"Installer integrity check has failed. Common causes inclued incomplete download and damaged media. Contact the installer's author to obtain a new copy."

I downloaded it twice with the same results.

BTW, I forgot to mention that when I originally tried ComboFix, after it wouldn't work, I downloaded it again and saved it on my desktop with a new name "CBFix" and tried to run it. The results were the same as before.

Thanks.
 
Assuming you downloaded the file to your desktop....
(If it's not on your desktop, move it there).

Go Start>Run, paste this in:
"%userprofile%\desktop\broni_1.exe" /KillAll
(quotes included, watch for a space in front of "/KillAll").
Click OK.

If the above doesn't work try this command instead:
"%userprofile%\desktop\broni_1.exe" /nombr
 
Random very frequent disconnects from internet

Typing it into the "run" command window, I received the exact same error as when I clicked it on the desktop, for both ..../killall and .../nombr.

I also tried downloading it once more and received the same (NSIS) error.
 
How is computer doing overall at this moment?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Random very frequent disconnects from internet

Just noticed that my last post didn't get saved here...it was too long so I will post one file here and the next file in a separate post. Here is the first part of the log results from running OTL.

Computer seems to be running the same as before I first got the virus. Every since running TDS it has stayed connected to the internet. Wonder why after I did a Ghost recover it still had the virus though. Thanks.


OTL logfile created on: 8/12/2011 3:15:33 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\rs stump\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 48.18% Memory free
3.35 Gb Paging File | 2.84 Gb Available in Paging File | 84.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 17.58 Gb Free Space | 31.59% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: rs stump | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/12 15:09:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rs stump\Desktop\OTL.exe
PRC - [2011/07/19 15:40:10 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/05/27 20:30:34 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/02/23 21:14:06 | 000,085,184 | ---- | M] (Macrovision ) -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
PRC - [2008/11/12 16:01:20 | 002,037,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe
PRC - [2008/11/12 16:01:14 | 003,425,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/06/06 13:25:22 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/06/06 13:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/06 13:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/05/29 16:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 16:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 16:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/11/10 11:24:50 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/08/10 11:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/08/06 03:18:38 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/08/01 05:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/22 22:46:52 | 000,401,408 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/05/31 22:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 21:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/05/19 08:57:36 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2005/03/17 18:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/25 16:23:10 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2004/08/28 01:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2011/08/12 15:09:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rs stump\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/05 12:58:22 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/19 15:40:10 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/06/28 04:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/23 21:14:06 | 000,085,184 | ---- | M] (Macrovision ) [Auto | Running] -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service)
SRV - [2008/11/12 16:01:14 | 003,425,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/06/06 13:24:22 | 000,116,928 | ---- | M] (symantec) [On_Demand | Stopped] -- c:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/06/06 13:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/06/06 13:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/05/29 16:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 16:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/03/28 18:52:18 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/10 11:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2011/08/05 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110808.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/05 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/05 01:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/05 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110808.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/29 12:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/03/26 08:13:08 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/23 20:56:32 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOWS\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2008/11/12 15:49:22 | 000,138,080 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2008/01/25 02:12:34 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2007/07/31 17:22:16 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2007/03/28 20:49:42 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/03/28 20:29:10 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2007/03/28 18:51:48 | 000,189,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/03/28 18:51:42 | 000,024,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- c:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- c:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/11/30 10:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/15 17:40:24 | 000,043,264 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/15 10:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/10 17:44:12 | 004,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/09/19 09:41:00 | 000,241,280 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/08/25 13:23:20 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/24 16:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/23 21:12:30 | 000,062,080 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/08/19 18:22:02 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/08/19 04:47:04 | 000,107,904 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/08/01 17:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/08/01 05:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 05:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 05:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 05:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 05:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 05:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 05:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/22 23:02:44 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/07/19 21:14:02 | 003,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/07/11 19:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/07/07 09:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 09:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/20 21:30:46 | 000,044,288 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/06/02 04:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/04/06 10:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/03/02 09:45:24 | 000,004,864 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/01/12 01:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2005/01/06 14:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/05/17 16:18:26 | 000,008,573 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 15:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-3663353955-4136998300-1627265128-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
IE - HKU\S-1-5-21-3663353955-4136998300-1627265128-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3663353955-4136998300-1627265128-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www.myantispyware.com;myantispyware.com;www.malwarebytes.org;gotrendmicro.com;go.trendmicro.com;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?&.src=ym"
FF - prefs.js..network.proxy.no_proxies_on: "www.myantispyware.com,myantispyware.com,www.malwarebytes.org,gotrendmicro.com,go.trendmicro.com,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/27 20:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/27 20:30:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/27 20:31:30 | 000,000,000 | ---D | M]

[2010/09/07 08:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rs stump\Application Data\Mozilla\Extensions
[2010/09/15 12:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rs stump\Application Data\Mozilla\Firefox\Profiles\hl4kkf61.default\extensions
[2010/09/15 11:51:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\rs stump\Application Data\Mozilla\Firefox\Profiles\hl4kkf61.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/07 08:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/10 18:15:31 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Norton Ghost 12.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vptray] c:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-3663353955-4136998300-1627265128-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3663353955-4136998300-1627265128-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3663353955-4136998300-1627265128-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3663353955-4136998300-1627265128-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - c:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/04 19:41:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{19fb9a66-2ded-11df-a3f4-0013ceafe8e1}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/12 15:09:47 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rs stump\Desktop\OTL.exe
[2011/08/12 14:47:12 | 000,136,706 | ---- | C] (Swearware) -- C:\Documents and Settings\rs stump\Desktop\broni.exe
[2011/08/12 11:25:46 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/12 10:29:35 | 000,000,000 | --SD | C] -- C:\CBFix
[2011/08/12 09:18:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/12 09:16:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/12 09:16:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/12 09:16:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/12 09:16:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/12 09:15:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/12 09:15:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/12 08:50:05 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\rs stump\Desktop\aswMBR.exe
[2011/08/11 07:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rs stump\Desktop\MalwareFixes
[2011/08/10 12:57:26 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/10 12:54:59 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/09 14:10:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\rs stump\Start Menu\Programs\Administrative Tools
[2011/08/09 08:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/08 13:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2011/08/06 08:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/08/06 08:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2005/11/04 20:18:28 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 30 Days ==========

[2011/08/12 15:15:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3663353955-4136998300-1627265128-1006.job
[2011/08/12 15:14:59 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3663353955-4136998300-1627265128-1006.job
[2011/08/12 15:09:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rs stump\Desktop\OTL.exe
[2011/08/12 14:47:13 | 000,136,706 | ---- | M] (Swearware) -- C:\Documents and Settings\rs stump\Desktop\broni.exe
[2011/08/12 14:35:03 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/12 12:16:39 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/12 12:14:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/12 12:14:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/12 12:13:35 | 1601,683,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/12 11:49:55 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\rs stump\Desktop\rkill.scr
[2011/08/12 10:13:15 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\rs stump\Desktop\rkill.com
[2011/08/12 09:53:19 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/12 09:53:19 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/12 09:18:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/12 09:12:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\rs stump\Desktop\MBR.dat
[2011/08/12 08:50:04 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\rs stump\Desktop\aswMBR.exe
[2011/08/10 13:24:53 | 000,525,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 13:24:53 | 000,096,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 13:21:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/07 16:49:10 | 000,012,934 | ---- | M] () -- C:\Documents and Settings\rs stump\My Documents\Connect CPU thru cell phone.rtf
[2011/08/05 14:29:04 | 000,348,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/05 13:17:56 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/08/05 11:39:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/08/05 10:47:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/25 08:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/07/19 16:25:32 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2011/07/19 16:25:22 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2011/07/19 15:42:44 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator32.dll
[2011/07/15 06:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

========== Files Created - No Company Name ==========

[2011/08/12 11:49:45 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\rs stump\Desktop\rkill.scr
[2011/08/12 10:59:19 | 1601,683,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/12 10:13:05 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\rs stump\Desktop\rkill.com
[2011/08/12 09:18:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/12 09:18:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/12 09:16:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/12 09:16:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/12 09:16:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/12 09:16:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/12 09:16:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/12 09:12:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\rs stump\Desktop\MBR.dat
[2011/08/07 16:49:10 | 000,012,934 | ---- | C] () -- C:\Documents and Settings\rs stump\My Documents\Connect CPU thru cell phone.rtf
[2011/06/24 17:13:31 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/06/05 20:23:13 | 000,390,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3663353955-4136998300-1627265128-1006-0.dat
[2011/06/05 20:23:07 | 000,288,402 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/11 17:45:18 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/11 17:45:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/26 08:21:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/02/24 08:40:56 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/02/24 08:40:56 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\5D65976D13.sys
[2010/02/15 11:14:13 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/01/03 16:45:43 | 000,000,700 | ---- | C] () -- C:\WINDOWS\SKCMSUSR.INI
[2010/01/03 16:45:40 | 000,412,014 | ---- | C] () -- C:\WINDOWS\c4dll16.dll
[2009/10/15 20:06:51 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/10/15 12:15:36 | 000,116,841 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/10/15 11:38:19 | 000,179,865 | ---- | C] () -- C:\WINDOWS\hpwins14.dat
[2009/10/15 11:38:19 | 000,001,108 | ---- | C] () -- C:\WINDOWS\hpwmdl14.dat
[2009/10/15 07:58:15 | 000,012,858 | ---- | C] () -- C:\WINDOWS\hpwscr14.dat
[2009/10/14 18:03:23 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2009/10/14 18:02:10 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2009/10/14 12:34:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/10/14 10:02:53 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2009/10/14 09:54:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/27 12:56:42 | 000,508,200 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/12/01 21:20:38 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/12/01 21:20:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/12/01 21:20:38 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/12/01 21:20:38 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/11/29 17:35:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/29 17:35:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/29 17:35:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/29 17:35:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/29 17:35:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/29 17:35:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/29 17:24:50 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2005/11/29 17:23:18 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/29 17:13:40 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2005/11/29 17:13:40 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2005/11/29 17:13:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/29 17:13:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/11/11 15:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/08 14:47:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/04 21:36:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2005/11/04 21:27:36 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/04 21:25:51 | 000,000,308 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/04 20:54:58 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/04 20:51:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/04 20:38:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2005/11/04 20:18:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/04 19:42:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/04 19:39:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/04 19:38:04 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/04 18:20:12 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/04 18:16:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/11/04 18:16:50 | 000,525,666 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/11/04 18:16:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/11/04 18:16:50 | 000,096,364 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/11/04 18:16:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/11/04 18:16:48 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/11/04 18:16:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/11/04 18:16:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/11/04 18:16:33 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/11/04 18:16:33 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/11/04 18:16:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/11/04 18:16:09 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/11/04 11:34:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/04 11:33:27 | 000,348,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/24 16:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/06/22 17:11:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 19:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2000/02/24 07:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/08/12 12:13:29 | 000,082,636 | ---- | M] () -- C:\aaw7boot.log
[2005/11/04 19:41:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/08/05 11:39:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/08/12 09:18:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/11/04 19:41:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/11/28 05:20:09 | 000,219,780 | ---- | M] () -- C:\EULA.pdf
[2009/10/16 14:29:44 | 000,000,084 | ---- | M] () -- C:\EventLOG.txt
[2011/08/12 12:13:35 | 1601,683,456 | -HS- | M] () -- C:\hiberfil.sys
[2005/11/04 19:41:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/08 20:42:57 | 000,004,194 | ---- | M] () -- C:\ioloUpdate.log
[2005/11/04 21:29:01 | 000,001,222 | -H-- | M] () -- C:\IPH.PH
[2005/11/04 19:41:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/10/14 13:54:24 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/08/12 12:13:31 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/06/10 18:21:34 | 000,001,730 | ---- | M] () -- C:\rapport.txt
[2011/08/12 11:39:19 | 000,000,392 | ---- | M] () -- C:\rkill.log
[2011/08/10 07:39:36 | 000,050,524 | ---- | M] () -- C:\TDSSKiller.2.5.14.0_10.08.2011_07.38.41_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/11/04 19:40:35 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/01 12:00:16 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5jy.dll
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2004/12/08 17:04:46 | 000,045,056 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfdemo.scr

[
 
Random very frequent disconnects from internet

This is the next part of the log file from OTL, followed by the Extras file.

color=#A23BEC]< %systemroot%\*._sy >[/color]

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/11/04 11:33:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/11/04 11:33:02 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/11/04 11:33:02 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/10/14 13:59:32 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/10/14 14:05:21 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\rs stump\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2002/05/06 11:19:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\rs stump\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/08/12 08:50:04 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\rs stump\Desktop\aswMBR.exe
[2011/08/12 14:47:13 | 000,136,706 | ---- | M] (Swearware) -- C:\Documents and Settings\rs stump\Desktop\broni.exe
[2011/08/12 15:09:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rs stump\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >
[2001/03/21 13:49:00 | 000,031,232 | ---- | M] () -- C:\WINDOWS\Driver Cache\DrvUpdt.exe
[2005/11/04 20:28:07 | 000,032,864 | ---- | M] () -- C:\WINDOWS\Driver Cache\INFCACHE.1
[2005/11/02 13:05:54 | 000,379,259 | ---- | M] () -- C:\WINDOWS\Driver Cache\lan.exe
[2005/09/26 09:41:00 | 000,040,040 | ---- | M] () -- C:\WINDOWS\Driver Cache\yk51x86.cat
[2005/09/19 09:41:00 | 000,014,977 | ---- | M] () -- C:\WINDOWS\Driver Cache\yk51x86.htm
[2005/09/19 09:41:00 | 000,370,280 | ---- | M] () -- C:\WINDOWS\Driver Cache\yk51x86.inf
[2005/11/04 20:28:06 | 000,137,108 | ---- | M] () -- C:\WINDOWS\Driver Cache\yk51x86.PNF
[2005/09/19 09:41:00 | 000,241,280 | ---- | M] (Marvell) -- C:\WINDOWS\Driver Cache\yk51x86.sys
[2005/09/19 09:41:00 | 000,012,856 | ---- | M] () -- C:\WINDOWS\Driver Cache\yk51x86.txt

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/01/22 17:37:35 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\rs stump\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/08/12 15:14:59 | 000,704,512 | ---- | M] () -- C:\Documents and Settings\rs stump\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2005/07/23 00:24:10 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
[2005/08/01 14:24:00 | 001,003,215 | ---- | M] () -- C:\WINDOWS\Installer\ms_office_trial.exe
[2005/10/03 12:51:00 | 004,673,840 | ---- | M] () -- C:\WINDOWS\Installer\welcomeTour.exe

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-10 20:25:12


< End of report >
-------------------------------------------------------------------------

OTL Extras logfile created on: 8/12/2011 3:15:33 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\rs stump\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 48.18% Memory free
3.35 Gb Paging File | 2.84 Gb Available in Paging File | 84.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 17.58 Gb Free Space | 31.59% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: rs stump | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3036:TCP" = 3036:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Documents and Settings\rs stump\Local Settings\Temp\7zS55.tmp\setup\HPZnui01.exe" = C:\Documents and Settings\rs stump\Local Settings\Temp\7zS55.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\rs stump\Local Settings\Temp\7zS55.tmp\setup\hponicifs01.exe" = C:\Documents and Settings\rs stump\Local Settings\Temp\7zS55.tmp\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe
"C:\Documents and Settings\rs stump\Local Settings\Temp\7zSD.tmp\setup\HPZnui01.exe" = C:\Documents and Settings\rs stump\Local Settings\Temp\7zSD.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\rs stump\Local Settings\Temp\7zSD.tmp\setup\hponicifs01.exe" = C:\Documents and Settings\rs stump\Local Settings\Temp\7zSD.tmp\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Documents and Settings\rs stump\Local Settings\Temp\7zSB.tmp\setup\HPZnui01.exe" = C:\Documents and Settings\rs stump\Local Settings\Temp\7zSB.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\rs stump\Local Settings\Temp\7zSB.tmp\setup\hponicifs01.exe" = C:\Documents and Settings\rs stump\Local Settings\Temp\7zSB.tmp\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\rs stump\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Documents and Settings\rs stump\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{000AB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0501FE15-FBF0-486E-B05A-C20CD2E10476}" = e-Sword
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{79F86C69-2B17-4368-9234-472A23639E16}" = Ad-Aware
"{7CD7A451-7224-49C8-95EF-9A1859C66607}" = mZConfig
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B7B20F4-6504-47FB-A061-308840E175D8}" = Nitro PDF Professional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEB95804-A937-49E6-940A-37A606C16D5D}" = DeLorme Street Atlas USA 2009 Plus
"{B0255743-165B-4BD5-8DA8-37DFB9930012}" = Norton Ghost
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E18E644D-4FC1-4E7F-87B7-A0288A14A322}" = TIxx21/x515
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"InstallShield_{E18E644D-4FC1-4E7F-87B7-A0288A14A322}" = Texas Instruments PCIxx21/x515 drivers.
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Money2006a" = MSN Money Investment Toolbox
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 4" = TeamViewer 4
"The Word" = theWord
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trailer Life Directory Campground Navigator 2008_is1" = Trailer Life Directory Campground Navigator 2008
"Uninstaller_60003CCB_Quick View Plus" = Quick View Plus (Shared Components)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3663353955-4136998300-1627265128-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 8/12/2011 1:27:15 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/12/2011 1:28:42 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/12/2011 1:59:40 PM | Computer Name = TOSHIBA-USER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.101 for the Network Card with network
address 0013CEAFE8E1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/12/2011 1:59:44 PM | Computer Name = TOSHIBA-USER | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0013CEAFE8E1. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 8/12/2011 2:01:58 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/12/2011 2:23:26 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The iolo System Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/12/2011 2:26:45 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The Swupdtmr service terminated unexpectedly. It has done this 1
time(s).

Error - 8/12/2011 2:31:57 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/12/2011 3:16:22 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/12/2011 5:04:16 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10010
Description = The server {657C7A59-4FEC-4C06-A354-607B1EB184FB} did not register
with DCOM within the required timeout.


< End of report >
 
Wonder why after I did a Ghost recover it still had the virus though
Click to expand...
I suggest you delete that image and you create new one when we're done here.

=================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
IE - HKU\S-1-5-21-3663353955-4136998300-1627265128-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www.myantispyware.com;myantispyware.com;www.malwarebytes.org;gotrendmicro.com;go.trendmicro.com;<local>
FF - prefs.js..network.proxy.no_proxies_on: "www.myantispyware.com,myantispyware.com,www.malwarebytes.org,gotrendmicro. com,go.trendmicro.com,localhost,127.0.0.1"
O4 - HKLM..\Run: [] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2010/02/24 08:40:56 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/02/24 08:40:56 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\5D65976D13.sys


:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" =-

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Random very frequent disconnects from internet

Here are the results to OTL RunFix and Security check:

All processes killed
========== OTL ==========
HKU\S-1-5-21-3663353955-4136998300-1627265128-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "www.myantispyware.com,myantispyware.com,www.malwarebytes.org,gotrendmicro. com,go.trendmicro.com,localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\5D65976D13.sys moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 76309 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2936317 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: rs stump
->Temp folder emptied: 140031732 bytes
->Temporary Internet Files folder emptied: 31142285 bytes
->Java cache emptied: 1014855 bytes
->FireFox cache emptied: 40942689 bytes
->Flash cache emptied: 135536 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2305727 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 182753927 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 383.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: rs stump
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08152011_152418

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\rs stump\Local Settings\Temp\Perflib_Perfdata_eb4.dat not found!
C:\Documents and Settings\rs stump\Local Settings\Temp\~DFFA61.tmp moved successfully.
File\Folder C:\Documents and Settings\rs stump\Local Settings\Temp\~DFFA6E.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_76c.dat not found!

Registry entries deleted on Reboot...

------------------------------------------------------------------------------------
------------------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Symantec AntiVirus
iolo technologies' System Mechanic
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Adobe Flash Player
Adobe Reader 9.3.2
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
iolo Common Lib ioloServiceManager.exe
``````````End of Log````````````
 
Uninstall iolo technologies' System Mechanic .
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


=============================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

================================================================

Upgrade Firefox to the latest version 5.0

...and Eset...
 
Random very frequent disconnects from internet

Ran ESET scanner and no files were reported. Thanks.
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Random very frequent disconnects from internet

OTL cleanup log.



All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: rs stump
->Temp folder emptied: 415909 bytes
->Temporary Internet Files folder emptied: 500345 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 305623 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: rs stump
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!



OTL by OldTimer - Version 3.2.26.1 log created on 08162011_110148

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\rs stump\Local Settings\Temp\Perflib_Perfdata_b80.dat not found!
C:\Documents and Settings\rs stump\Local Settings\Temp\~DF7B4F.tmp moved successfully.
File\Folder C:\Documents and Settings\rs stump\Local Settings\Temp\~DF7B6F.tmp not found!
File\Folder C:\WINDOWS\temp\fb_2064.lck not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_3a8.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_bc8.dat not found!

Registry entries deleted on Reboot...
 
Status
Not open for further replies.

Similar threads

M
Web Meeting disconnects even though internet is connected
Replies
1
Views
613
madhav04
M
pcnthuziast
W11 start menu bug
Replies
0
Views
412
pcnthuziast
pcnthuziast
midian182
California considers "right to disconnect" bill to prevent bosses contacting workers out of hours
Replies
23
Views
292
takaozo
takaozo

Latest posts

Back