Returned Laptop to Factory Settings, Virus Still Active!


#1 indiebaby (Member, 15 posts)

*Not positive what the exact virus is, but I know it's a trojan. I used Malwarebytes but couldn't seem to find more on what to do after that didn't work. So I apologize for possibly terrible spelling and already answered issues I may bring up. At a loss, just bought this laptop a little over a month ago and hoping not to shell out $200.


Got a virus/trojan a couple days ago. Kaspersky lit up red, said it couldn't fix it but deleted the infected files. Ran scanners, everything seemed fine at that point. After that it's just been bad. Wasn't sure what to do, so took it to Staples where I bought it. The tech told me that it would be expensive for them to return it to factory settings and that any virus would be wiped out if I did it myself. Sure, why not, save $100, but that didn't work and I hope I haven't made things worse. Since the tech didn't tell me about the slim chance returning to factory settings would not work, maybe someone can help me here with more trustworthy advice.

I am wondering if after I returned it to factory settings my wireless mouse may have harbored the virus?

I did not download anything when I got this trojan. As soon as I went online, on Mozilla, is when I got the virus. I do not know exactly what kind it is, but its behavior is very annoying. Even typing this I cannot go back and fix a word. The cursor will start to move forward pushing letters, words, etc. When I look at sample pictures, once I click on one it's as if they are all being clicked on afterwards one by one. Even trying to open up a scroll bar, for example, it gets sporadic highlighting all over where I haven't moved the mouse.


I am operating on Windows 7, newer laptop as mentioned. What should I know, what can I do? What won't Staples tell me, if by chance you know?

If you need more information, let me know and I will do my best to provide it. Thanks!


#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Hello indiebaby and welcome to G2G! :D

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post.
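A worked example added here (not code from this thread, from OTL or from maliprog): a small Python triage over the kind of OTL log lines Step 1 produces, applying the first checks a helper makes on such a log, namely entries with an empty company field, registry entries whose file or CLSID is missing, and files created or modified shortly before the scan. The sample lines are copied from the OTL log indiebaby posts further down; the 7-day window and the otl.scr allowlist are assumptions made for the example.

```python
"""Triage pass over OTL log lines (the format produced by Step 1).

Constructed example for this thread; not code from OTL, Geeks to Go or maliprog.
The 7-day window and the otl.scr allowlist are assumptions chosen for the example.
"""
import re
from datetime import datetime, timedelta

# One OTL file entry, e.g.
#   SRV - [2009/08/13 14:09:08 | 000,297,344 | ---- | M] () [Auto | Running] -- C:\x.exe -- (svc)
#   [2011/03/14 00:34:42 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Roaming\Malwarebytes
# The PRC/SRV/DRV/MOD prefix, the "(Company)" part and the "[state]" part are all optional.
FILE_ENTRY = re.compile(
    r"^(?:(?P<kind>PRC|SRV|DRV|MOD)(?::64bit:)? - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"(?:\((?P<company>[^)]*)\) )?(?:\[[^\]]*\] )?-- (?P<path>.+?)(?: -- \(.*)?$"
)

# Markers OTL prints when a registry entry points at something that no longer exists.
MISSING_MARKERS = ("File not found", "No CLSID value found")

# Scan time from the log header "OTL logfile created on: 3/14/2011 5:18:02 AM".
SCAN_TIME = datetime(2011, 3, 14, 5, 18, 2)

# Sample lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2011/03/14 05:16:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\tanya\Downloads\OTL.scr
SRV - [2009/08/13 14:09:08 | 000,297,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe -- (taisregispinger)
DRV:64bit: - [2011/03/13 14:28:34 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
[2011/03/14 00:34:42 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Roaming\Malwarebytes
[2011/03/14 00:34:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
""".strip().splitlines()


def parse_entry(line):
    """Return the fields of one file entry, or None if the line is not one."""
    m = FILE_ENTRY.match(line.strip())
    if not m:
        return None
    return {
        "kind": m.group("kind") or "FILE",   # FILE = the "Created Within 30 Days" section
        "stamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "is_dir": "D" in m.group("attrs"),
        # "" = empty "()" company field; None = OTL printed no company at all (directories)
        "company": m.group("company"),
        "path": m.group("path"),
    }


def triage(lines, scan_time, recent_days=7, tool_names=frozenset({"otl.scr"})):
    """Return (reason, detail) pairs for the lines a helper would look at first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # Registry entries with dangling references (O2/O3/O4 and similar sections).
        if any(marker in line for marker in MISSING_MARKERS):
            findings.append(("dangling reference", line))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        # The scanner itself is expected to be brand new on the machine; skip it.
        if entry["path"].rsplit("\\", 1)[-1].lower() in tool_names:
            continue
        # An empty company field means no publisher information for that file.
        if entry["company"] == "" and not entry["is_dir"]:
            findings.append(("no company name", entry["path"]))
        # Anything that changed close to the scan deserves a look, whoever published it.
        if scan_time - entry["stamp"] <= timedelta(days=recent_days):
            findings.append(("changed within %d days" % recent_days, entry["path"]))
    return findings


def triage_sample():
    """Run the triage over the sample lines with the scan time from the log header."""
    return triage(SAMPLE_LOG, SCAN_TIME)


if __name__ == "__main__":
    for reason, detail in triage_sample():
        print("%-22s %s" % (reason, detail))
```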

#3 indiebaby (Topic Starter, Member, 15 posts)

Okay, well thank you for such a quick response maliprog!

I'm going to try step one. Once the information is copied and I post it here, should I wait for further instructions? Or should I do them all at once and give you the log information of 1-4?

Edited by indiebaby, 14 March 2011 - 03:13 AM.


#4 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Hi indiebaby,

You can do it as you like. Do step by step and post logs after each step, or do all steps and post all logs after that. Please post each log in a separate post.

#5 indiebaby (Topic Starter, Member, 15 posts)

Step 1: the first is the OTL.txt and the second will be the Extras.txt.


OTL logfile created on: 3/14/2011 5:18:02 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\tanya\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.31 Gb Total Space | 263.38 Gb Free Space | 91.99% Space Free | Partition Type: NTFS

Computer Name: TANYA-PC | User Name: tanya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/14 05:16:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\tanya\Downloads\OTL.scr
PRC - [2010/08/01 22:08:21 | 000,285,296 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/08/01 22:04:05 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/05/23 01:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe
PRC - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/24 04:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2010/01/28 20:34:01 | 000,103,792 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe


========== Modules (SafeList) ==========

MOD - [2011/03/14 05:16:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\tanya\Downloads\OTL.scr
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/25 22:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/08/01 22:08:50 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/05/23 01:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe -- (NIS)
SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/01/28 20:34:01 | 000,103,792 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/08/13 14:09:08 | 000,297,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe -- (taisregispinger)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/13 14:28:34 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 16:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/05/23 20:41:39 | 000,038,248 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/05/23 20:41:38 | 000,701,800 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1200000.080\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/05/18 21:35:26 | 000,815,664 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1200000.080\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/05/18 21:35:14 | 000,450,096 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1200000.080\SymDS64.sys -- (SymDS)
DRV:64bit: - [2010/05/16 21:07:44 | 000,168,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1200000.080\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/05/10 22:03:35 | 000,380,464 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1200000.080\symnets.sys -- (SymNetS)
DRV:64bit: - [2010/03/24 16:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/22 21:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 11:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/12 18:49:16 | 000,877,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/02/10 18:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/05/28 05:00:00 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\EX64.SYS -- (NAVEX15)
DRV - [2010/05/28 05:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/28 05:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/28 05:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\ENG64.SYS -- (NAVENG)
DRV - [2010/05/18 20:53:52 | 000,942,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20100522.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/05/17 21:10:25 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20100518.002\IDSVia64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSND&bmod=TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSND&bmod=TSND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.toshiba.com/g/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011/03/13 14:29:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn\ [2011/03/13 14:28:47 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/14 00:34:42 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Roaming\Malwarebytes
[2011/03/14 00:34:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/14 00:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/14 00:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/14 00:34:35 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/03/14 00:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/13 21:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/03/13 21:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/03/13 17:28:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/03/13 16:58:25 | 000,815,664 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1200000.080\SymEFA64.sys
[2011/03/13 16:58:25 | 000,701,800 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1200000.080\srtsp64.sys
[2011/03/13 16:58:25 | 000,450,096 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1200000.080\SymDS64.sys
[2011/03/13 16:58:25 | 000,380,464 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1200000.080\symnets.sys
[2011/03/13 16:58:25 | 000,168,496 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1200000.080\Ironx64.sys
[2011/03/13 16:58:25 | 000,038,248 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1200000.080\srtspx64.sys
[2011/03/13 16:58:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2011/03/13 16:58:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1200000.080
[2011/03/13 16:58:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/03/13 16:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2011/03/13 16:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Blio
[2011/03/13 16:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetZero
[2011/03/13 16:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Laptop Checkup
[2011/03/13 16:55:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NortonPCCheckupx64
[2011/03/13 16:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2011/03/13 16:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup
[2011/03/13 16:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/03/13 16:55:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NortonPCCheckupx64\0200030.0C6
[2011/03/13 16:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/03/13 16:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/03/13 16:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Online Backup
[2011/03/13 16:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toshiba Online Backup
[2011/03/13 16:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/03/13 16:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com
[2011/03/13 16:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA Corporation
[2011/03/13 16:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2011/03/13 16:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intuit
[2011/03/13 16:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2011/03/13 16:51:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA Games
[2011/03/13 16:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2011/03/13 16:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Label@Once
[2011/03/13 16:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2011/03/13 16:41:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek WLAN Driver
[2011/03/13 16:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2011/03/13 16:40:27 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Atheros_L1e
[2011/03/13 16:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/03/13 16:39:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011/03/13 16:34:15 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2011/03/13 16:33:58 | 000,000,000 | ---D | C] -- C:\Intel
[2011/03/13 16:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2011/03/13 14:54:38 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Local\Diagnostics
[2011/03/13 14:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/03/13 14:28:34 | 000,173,616 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/03/13 14:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/03/13 14:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/03/13 14:26:41 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Local\TOSHIBA_Corporation
[2011/03/13 14:26:41 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Roaming\Toshiba
[2011/03/13 14:20:41 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Roaming\Macromedia
[2011/03/13 14:20:34 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Roaming\Adobe
[2011/03/13 14:20:19 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Roaming\Google
[2011/03/13 14:20:19 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Local\Google
[2011/03/13 14:19:29 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Local\Toshiba
[2011/03/13 14:18:54 | 000,000,000 | R--D | C] -- C:\Users\tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/03/13 14:18:54 | 000,000,000 | R--D | C] -- C:\Users\tanya\Searches
[2011/03/13 14:18:54 | 000,000,000 | R--D | C] -- C:\Users\tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/03/13 14:18:54 | 000,000,000 | -H-D | C] -- C:\Users\tanya\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/03/13 14:18:46 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Roaming\Identities
[2011/03/13 14:18:44 | 000,000,000 | R--D | C] -- C:\Users\tanya\Contacts
[2011/03/13 14:18:43 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Local\VirtualStore
[2011/03/13 14:17:49 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Roaming\WinBatch
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\AppData\Local\Temporary Internet Files
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\Templates
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\Start Menu
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\SendTo
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\Recent
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\PrintHood
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\NetHood
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\Documents\My Videos
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\Documents\My Pictures
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\Documents\My Music
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\My Documents
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\Local Settings
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\AppData\Local\History
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\Cookies
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\Application Data
[2011/03/13 14:17:28 | 000,000,000 | -HSD | C] -- C:\Users\tanya\AppData\Local\Application Data
[2011/03/13 14:17:27 | 000,000,000 | --SD | C] -- C:\Users\tanya\AppData\Roaming\Microsoft
[2011/03/13 14:17:27 | 000,000,000 | R--D | C] -- C:\Users\tanya\Videos
[2011/03/13 14:17:27 | 000,000,000 | R--D | C] -- C:\Users\tanya\Saved Games
[2011/03/13 14:17:27 | 000,000,000 | R--D | C] -- C:\Users\tanya\Pictures
[2011/03/13 14:17:27 | 000,000,000 | R--D | C] -- C:\Users\tanya\Music
[2011/03/13 14:17:27 | 000,000,000 | R--D | C] -- C:\Users\tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/03/13 14:17:27 | 000,000,000 | R--D | C] -- C:\Users\tanya\Links
[2011/03/13 14:17:27 | 000,000,000 | R--D | C] -- C:\Users\tanya\Favorites
[2011/03/13 14:17:27 | 000,000,000 | R--D | C] -- C:\Users\tanya\Downloads
[2011/03/13 14:17:27 | 000,000,000 | R--D | C] -- C:\Users\tanya\My Documents
[2011/03/13 14:17:27 | 000,000,000 | R--D | C] -- C:\Users\tanya\Desktop
[2011/03/13 14:17:27 | 000,000,000 | R--D | C] -- C:\Users\tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/03/13 14:17:27 | 000,000,000 | -H-D | C] -- C:\Users\tanya\AppData
[2011/03/13 14:17:27 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Local\Temp
[2011/03/13 14:17:27 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Local\Microsoft
[2011/03/13 14:17:27 | 000,000,000 | ---D | C] -- C:\Users\tanya\AppData\Roaming\Media Center Programs
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/14 05:13:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/14 05:11:50 | 001,241,468 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\Cat.DB
[2011/03/14 05:08:07 | 000,015,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 05:08:07 | 000,015,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 05:05:53 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/03/14 05:05:53 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/03/14 05:05:53 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/03/14 05:00:33 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/14 05:00:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/14 05:00:04 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/14 00:34:38 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/13 23:50:28 | 000,276,216 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/03/13 21:21:18 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2011/03/13 21:21:14 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2011/03/13 17:12:56 | 000,039,252 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2011/03/13 17:12:56 | 000,039,252 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2011/03/13 16:40:14 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/03/13 16:35:34 | 000,015,792 | ---- | M] () -- C:\windows\SysNative\results.xml
[2011/03/13 14:28:34 | 000,173,616 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/03/13 14:28:34 | 000,007,440 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/03/13 14:28:34 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/03/13 14:20:14 | 000,001,452 | ---- | M] () -- C:\Users\tanya\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/13 14:20:12 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/03/13 14:18:20 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/14 00:34:38 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/13 21:21:18 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2011/03/13 21:21:14 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2011/03/13 16:58:19 | 000,003,375 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\SymEFA.inf
[2011/03/13 16:58:19 | 000,002,792 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\SymDS.inf
[2011/03/13 16:58:19 | 000,001,446 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\SymNet.inf
[2011/03/13 16:58:19 | 000,001,438 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\srtsp64.inf
[2011/03/13 16:58:19 | 000,001,422 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\srtspx64.inf
[2011/03/13 16:58:19 | 000,000,772 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\Iron.inf
[2011/03/13 16:58:11 | 000,007,414 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\srtspx64.cat
[2011/03/13 16:58:11 | 000,007,412 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\SymEFA64.cat
[2011/03/13 16:58:11 | 000,007,410 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\srtsp64.cat
[2011/03/13 16:58:11 | 000,007,406 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\SymDS64.cat
[2011/03/13 16:58:11 | 000,007,402 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\iron.cat
[2011/03/13 16:58:11 | 000,007,368 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\symnet64.cat
[2011/03/13 16:58:11 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\isolate.ini
[2011/03/13 16:55:49 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NortonPCCheckupx64\0200030.0C6\isolate.ini
[2011/03/13 16:55:22 | 000,001,726 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com - Shopping.lnk
[2011/03/13 16:55:14 | 000,001,785 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks Financial Center.lnk
[2011/03/13 16:40:14 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/03/13 16:35:34 | 000,015,792 | ---- | C] () -- C:\windows\SysNative\results.xml
[2011/03/13 16:28:39 | 3062,255,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/13 14:28:39 | 001,241,468 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1200000.080\Cat.DB
[2011/03/13 14:28:34 | 000,007,440 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/03/13 14:28:34 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/03/13 14:20:14 | 000,001,452 | ---- | C] () -- C:\Users\tanya\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/13 14:20:12 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/03/13 14:18:55 | 000,001,458 | ---- | C] () -- C:\Users\tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/03/13 14:18:20 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2011/03/13 14:17:28 | 000,000,290 | ---- | C] () -- C:\Users\tanya\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/03/13 14:17:27 | 000,000,272 | ---- | C] () -- C:\Users\tanya\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/02/20 11:22:24 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/02/20 11:22:24 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/02/20 11:22:24 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/02/20 10:27:36 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/02/20 10:27:36 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/03/13 14:26:41 | 000,000,000 | ---D | M] -- C:\Users\tanya\AppData\Roaming\Toshiba
[2011/03/13 14:17:49 | 000,000,000 | ---D | M] -- C:\Users\tanya\AppData\Roaming\WinBatch
[2009/07/14 01:08:49 | 000,005,352 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >


Extras

OTL Extras logfile created on: 3/14/2011 5:18:02 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\tanya\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.31 Gb Total Space | 263.38 Gb Free Space | 91.99% Space Free | Partition Type: NTFS

Computer Name: TANYA-PC | User Name: tanya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NIS" = Norton Internet Security
"NortonPCCheckup" = Toshiba Laptop Checkup
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088702" = Plants vs. Zombies
"WT088703" = Build-a-lot 2
"WT088710" = Zuma's Revenge
"WT088739" = FATE
"WT088750" = Jewel Quest - Heritage
"WT088759" = Polar Bowler
"WT088760" = Virtual Villagers 4 - The Tree of Life
"WT088761" = Wheel of Fortune 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/13/2011 5:06:38 PM | Computer Name = WIN-02V6L56LH68 | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/13/2011 5:06:38 PM | Computer Name = WIN-02V6L56LH68 | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/13/2011 5:09:08 PM | Computer Name = tanya-PC | Source = Google Update | ID = 20
Description =

Error - 3/13/2011 5:13:05 PM | Computer Name = tanya-PC | Source = Google Update | ID = 20
Description =

Error - 3/14/2011 12:28:45 AM | Computer Name = tanya-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 974 Start
Time: 01cbe1fb47acc588 Termination Time: 15 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: 885df55d-4df3-11e0-aa3d-60eb692188e8


< End of report >





The next one might take me a little time, new to this.

#6 indiebaby (Topic Starter, Member, 15 posts)
Okay, for the next two. GMER log was empty and said it found no threats. TDSSKiller as well reported no issues/threats, and there does not seem to be a log either. It's just empty.

#7 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi indiebaby,

For now your logs are clean. Let's look deeper.

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply


Step 2


Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • aswMBR log
  • Combofix log
It would be helpful if you could post each log in a separate post.
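Step 1 above has aswMBR read the first sector of disk 0 and scan it. As an added illustration of what such a scan looks at (this is not aswMBR's code, and the sector, the partition layout and the "known-good" baseline hash below are all constructed for the example), the script parses a 512-byte MBR, checks the 0x55AA boot signature and the partition table, and compares the boot code against a trusted hash. The hash comparison is the check that notices a bootkit that has overwritten the boot code while leaving the partition table intact. A scanner on a live system additionally has to assume a rootkit may be filtering the sector it reads back, which is why aswMBR also traces the disk driver call chain; this example sidesteps that by taking the sector bytes as input.

```python
"""Added example (not aswMBR's code): parse a 512-byte MBR the way an MBR
scanner looks at it, then compare its boot code against a trusted baseline.

Every byte of input is constructed below; nothing is read from a real disk."""
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446      # boot code occupies bytes 0..445
SIGNATURE_OFFSET = 510       # bytes 510..511 must be 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, the non-empty partition entries and
    whether the boot signature is present."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    boot_code = sector[:PART_TABLE_OFFSET]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # entry layout: status, CHS start(3), type, CHS end(3), LBA start, sector count
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0:           # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[SIGNATURE_OFFSET:] == b"\x55\xAA",
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from trusted baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected exactly 1)")
    return findings


def build_sample_mbr(boot_code: bytes = b"\x00" * PART_TABLE_OFFSET) -> bytes:
    """Constructed sample: one bootable NTFS (0x07) partition starting at LBA 2048,
    three empty slots, valid signature. Boot code is whatever the caller passes."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00",
                        2048, 600_000_000)
    return boot_code + entry + b"\x00" * 48 + b"\x55\xAA"


# "Known good" sector and the baseline hash taken from it (assumed trusted).
CLEAN_MBR = build_sample_mbr()
BASELINE = hashlib.sha256(CLEAN_MBR[:PART_TABLE_OFFSET]).hexdigest()
# Same partition table, but the boot code has been replaced: the shape of a bootkit.
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE" + b"\x90" * (PART_TABLE_OFFSET - 2))

if __name__ == "__main__":
    print("clean:   ", check_mbr(CLEAN_MBR, BASELINE))
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))
```

On a real machine the baseline would come from the OEM recovery image or from a hash taken when the disk was known clean; without such a baseline the signature and partition checks still run, but a replaced boot code goes unnoticed.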

#8 indiebaby (Topic Starter, Member, 15 posts)
I'm having an issue closing my Norton Security. If I choose to turn off its services, will that be effective? I can't seem to close out of the antivirus while I'm trying to run ComboFix. It showed a warning that it is still running and continuing is at my own risk. Any idea what Norton's process name is? When I used Task Manager to try to close it I could not seem to find it. Thanks!

#9 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Please continue with antivirus ON. Just continue with the scan...

#10 indiebaby (Topic Starter, Member, 15 posts)
aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-14 06:06:05
-----------------------------
06:06:05.652 OS Version: Windows x64 6.1.7600
06:06:05.652 Number of processors: 2 586 0x2505
06:06:05.652 ComputerName: TANYA-PC UserName: tanya
06:06:07.196 Initialize success
06:06:15.308 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:06:15.308 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 3
06:06:15.355 Disk 0 MBR read successfully
06:06:15.355 Disk 0 MBR scan
06:06:15.371 Service scanning
06:06:16.385 Disk 0 trace - called modules:
06:06:16.416 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
06:06:16.432 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b8c060]
06:06:16.432 3 CLASSPNP.SYS[fffff8800147443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a06050]
06:06:16.447 Scan finished successfully



ComboFix 11-03-12.01 - tanya 03/14/2011 6:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2436 [GMT -4:00]
Running from: c:\users\tanya\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\tanya\AppData\Local\Temp\385E.tmp
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-14 04:34 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-14 04:34 . 2011-03-14 04:34 -------- d-----w- c:\programdata\Malwarebytes
2011-03-14 04:34 . 2011-03-14 04:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-14 04:34 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-14 01:21 . 2011-03-14 01:21 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-03-13 20:58 . 2011-03-13 20:58 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-13 20:58 . 2011-03-14 10:26 -------- d-----w- c:\windows\system32\drivers\NISx64
2011-03-13 20:58 . 2011-03-13 20:58 -------- d-----w- c:\program files (x86)\Norton Internet Security
2011-03-13 20:56 . 2011-03-13 20:56 -------- d-----w- c:\users\Public\Book Place
2011-03-13 20:56 . 2011-03-13 20:56 -------- d-----w- c:\programdata\Blio
2011-03-13 20:55 . 2011-03-14 04:06 -------- d-----w- c:\programdata\Norton
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\program files (x86)\Norton PC Checkup
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\program files\Norton PC Checkup
2011-03-13 20:55 . 2011-03-13 20:57 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\program files (x86)\Toshiba Online Backup
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\program files (x86)\TOSHIBA Corporation
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\program files\Intuit
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\program files (x86)\Intuit
2011-03-13 20:51 . 2011-03-13 20:55 -------- d-----w- c:\program files (x86)\TOSHIBA Games
2011-03-13 20:51 . 2011-03-13 20:55 -------- d-----w- c:\programdata\WildTangent
2011-03-13 20:50 . 2011-03-13 20:50 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems
2011-03-13 20:50 . 2011-03-13 20:50 -------- d-----w- c:\program files (x86)\Corel
2011-03-13 20:47 . 2009-06-23 00:06 35008 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2011-03-13 20:43 . 1999-10-13 01:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2011-03-13 20:43 . 1999-10-13 01:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2011-03-13 20:41 . 2010-02-12 22:49 877088 ----a-w- c:\windows\system32\drivers\rtl8192Ce.sys
2011-03-13 20:41 . 2011-03-13 20:41 -------- d-----w- c:\program files (x86)\Realtek WLAN Driver
2011-03-13 20:41 . 2011-03-13 20:41 -------- d-----w- c:\program files (x86)\Cisco
2011-03-13 20:40 . 2011-03-13 20:40 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2011-03-13 20:40 . 2011-03-13 20:40 -------- d-----w- c:\program files\Synaptics
2011-03-13 20:39 . 2010-02-09 02:19 8038944 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2011-03-13 20:39 . 2011-03-13 20:39 -------- d-----w- c:\program files (x86)\Realtek
2011-03-13 20:39 . 2010-02-09 04:57 239136 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2011-03-13 20:39 . 2010-02-09 02:19 8038944 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2011-03-13 20:39 . 2010-02-09 02:19 422432 ----a-w- c:\windows\system32\RtsUStor.dll
2011-03-13 20:36 . 2010-03-24 20:55 540696 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-03-13 20:33 . 2011-03-13 20:33 -------- d-----w- C:\Intel
2011-03-13 20:33 . 2011-03-13 20:33 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2011-03-13 18:50 . 2011-03-13 18:50 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-03-13 18:28 . 2011-03-14 09:30 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-03-13 18:28 . 2011-03-14 09:30 -------- d-----w- c:\program files\Symantec
2011-03-13 18:28 . 2011-03-13 18:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-03-13 18:18 . 2011-03-13 18:18 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2011-03-13 18:17 . 2011-03-13 18:18 -------- d-----w- c:\users\tanya
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-08-02 02:08 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-06-03 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-06-11 552960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 136176]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-08-02 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-03-10 1124472]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110311.001\IDSvia64.sys [2010-11-09 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1205000.07D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-01-29 103792]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 297344]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-28 132656]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 02:08]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 02:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-08-02 02:08 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-03-14 06:28:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-14 10:28
.
Pre-Run: 282,078,859,264 bytes free
Post-Run: 281,701,838,848 bytes free
.
- - End Of File - - 5EC0EBC32738107C38D07F46100981F2



Okay, it was fine for maybe 10 minutes -_- The issues seem to have come back somehow. Thanks ahead of time.

Edited by indiebaby, 14 March 2011 - 04:48 AM.
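The part of the ComboFix log above that a helper reads first is "Reg Loading Points": the Run keys, Browser Helper Objects and services/drivers that start without the user doing anything. As an added example (not ComboFix's own code), the script below parses that section and lists the entries a reviewer would want to look at first. The sample text is a handful of lines copied from the log in this post; the triage rule, flag anything loading from a user-writable directory and anything ComboFix recorded with "[x]" instead of file details, is an assumption chosen for illustration, and a flagged entry is a candidate for manual review, not a verdict.

```python
"""Added example, not ComboFix's code: extract autostart entries from the
"Reg Loading Points" section of a ComboFix log and rank them for review.

SAMPLE_LOG is copied from the log in this thread. The triage rule below is an
assumption for illustration; a hit means "look at this", not "malicious"."""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-08-02 02:08 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-02 39408]
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 136176]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-08-02 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                 # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(.*)\]$')    # "name"="path" [date size]
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ +\S+ +(.+)$")  # BHO payload line
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")         # R2 name;display;path [..]

# Directories an ordinary user can write to; autostarts from here deserve a look.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "\\appdata\\", "\\temp\\")


def parse_loading_points(text: str) -> list:
    """Return one dict per autostart entry: source, name, path, present."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and current_key:
            entries.append({"source": current_key, "name": m.group(1),
                            "path": m.group(2), "present": m.group(3) != "x"})
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append({"source": f"service {m.group(1)}", "name": m.group(2),
                            "path": m.group(4), "present": m.group(5) != "x"})
            continue
        m = FILE_RE.match(line)
        if m and current_key:
            # BHO-style key: the key name is the CLSID, the payload line is the DLL
            entries.append({"source": current_key, "name": current_key.rsplit("\\", 1)[-1],
                            "path": m.group(1), "present": True})
    return entries


def triage(entries: list) -> list:
    """Return entries worth a manual look, each with the reason it was flagged."""
    flagged = []
    for e in entries:
        path = e["path"].lower()
        reason = None
        if any(marker in path for marker in USER_WRITABLE):
            reason = "loads from a user-writable location"
        elif not e["present"]:
            reason = "ComboFix recorded no file details ([x]); confirm the file exists"
        if reason:
            flagged.append({**e, "reason": reason})
    return flagged


if __name__ == "__main__":
    for hit in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'{hit["source"]}: {hit["name"]} -> {hit["path"]}  [{hit["reason"]}]')
```

Run against the full log, the same rule also surfaces the "[x]" driver lines; several of those (for example rtl8192Ce.sys and RtsUStor.sys) appear under "Files Created" with sizes and dates, so the "[x]" alone is not evidence of anything and the reviewer still has to check each file.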



#11 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi indiebaby,

Nice to hear that! Please do this step and test your system. Let me know how it is. I will prepare some cleanup for you :D

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.


#12 indiebaby (Topic Starter, Member, 15 posts)
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: tanya
->Temp folder emptied: 133120 bytes
->Temporary Internet Files folder emptied: 78384763 bytes
->Google Chrome cache emptied: 8438915 bytes
->Flash cache emptied: 2579 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: tanya
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 03142011_065512

Files\Folders moved on Reboot...
C:\Users\tanya\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\tanya\AppData\Local\Temp\~DF15F620051AB784E3.TMP not found!
File\Folder C:\Users\tanya\AppData\Local\Temp\~DF46AB3BE8E0A29D4D.TMP not found!
File\Folder C:\Users\tanya\AppData\Local\Temp\~DF6A17B598FA0D6D56.TMP not found!
File\Folder C:\Users\tanya\AppData\Local\Temp\~DFB108C7E943F15D6F.TMP not found!
File\Folder C:\Users\tanya\AppData\Local\Temp\~DFDC98E5141996C251.TMP not found!
File\Folder C:\Users\tanya\AppData\Local\Temp\~DFE366FCFC7E09F136.TMP not found!
File\Folder C:\Users\tanya\AppData\Local\Temp\~DFE63D6EAA68011C66.TMP not found!
File\Folder C:\Users\tanya\AppData\Local\Temp\~DFF58D9BEBADDC2BE6.TMP not found!
File\Folder C:\Users\tanya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYVWHKU5\37-virus-spyware-malware-removal[1].htm not found!
C:\Users\tanya\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


Once again, just in case you didn't see that I had edited my previous post: the virus is still active. Felt so close too!
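The [resethosts] command in the fix above replaced the hosts file with a stock one ("HOSTS file reset successfully"). That removes a hijack but also discards the evidence of what was there. As an added example (not OTL's code; the hosts content and the list of "sensitive" domains are constructed assumptions), here is a small audit that reads a hosts file and reports every non-default mapping, ranking a security-vendor or update domain pointed at loopback or 0.0.0.0, and any name pinned to a non-LAN address, above ordinary LAN entries. Running something like this before resetting tells you whether the hosts file was part of the problem at all.

```python
"""Added example, not OTL's code: audit a Windows hosts file before resetting it.

SAMPLE_HOSTS and SENSITIVE_SUFFIXES are constructed assumptions for illustration."""
import ipaddress

# The two mappings a stock Windows hosts file may carry; anything else is custom.
DEFAULT_MAPPINGS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Domains malware commonly blackholes so updates and scanners stop working (assumed list).
SENSITIVE_SUFFIXES = ("microsoft.com", "windowsupdate.com", "symantec.com",
                      "norton.com", "malwarebytes.org", "kaspersky.com")

# RFC 1918 ranges; a custom name pointing here is most likely a deliberate LAN entry.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1       localhost
127.0.0.1       update.symantec.com    # constructed: AV updates blackholed
0.0.0.0         www.malwarebytes.org   # constructed: scanner download blackholed
203.0.113.5     www.bank.example       # constructed: site pinned to an outside address
192.168.1.10    printer.lan            # constructed: ordinary LAN entry
"""


def parse_hosts(text: str) -> list:
    """Return (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                     # not an address; the resolver ignores it too
        for name in names:
            pairs.append((ip, name.lower()))
    return pairs


def is_blackhole(ip: str) -> bool:
    """Loopback or the unspecified address: the name resolves to nowhere useful."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def is_lan(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918)


def audit_hosts(text: str) -> list:
    """Return a finding for every non-default mapping, high severity first."""
    findings = []
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_MAPPINGS:
            continue
        if name.endswith(SENSITIVE_SUFFIXES) and is_blackhole(ip):
            severity = "high"            # update/security site silently blocked
        elif not is_blackhole(ip) and not is_lan(ip):
            severity = "high"            # public name pinned to an outside address
        else:
            severity = "info"            # LAN entry or ad-block style blackhole
        findings.append({"ip": ip, "host": name, "severity": severity})
    findings.sort(key=lambda f: f["severity"] != "high")   # stable: keeps file order within a level
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f'{f["severity"]:5} {f["ip"]:15} {f["host"]}')
```

On Windows the file lives at %SystemRoot%\System32\drivers\etc\hosts; reading it into `audit_hosts` is the only change needed to run this against a real machine.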

#13 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. Let's try something.

  • Disable your internet.
  • Run ComboFix and test your system. Does the infection come back when the internet is disabled?
  • Enable internet and test it again.
  • Come back here with results.


#14 indiebaby (Topic Starter, Member, 15 posts)
ComboFix 11-03-13.01 - tanya 03/14/2011 7:28.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2575 [GMT -4:00]
Running from: c:\users\tanya\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-14 11:30 . 2011-03-14 11:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-14 04:34 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-14 04:34 . 2011-03-14 04:34 -------- d-----w- c:\programdata\Malwarebytes
2011-03-14 04:34 . 2011-03-14 04:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-14 04:34 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-14 01:21 . 2011-03-14 01:21 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-03-13 20:58 . 2011-03-14 10:26 -------- d-----w- c:\windows\system32\drivers\NISx64
2011-03-13 20:58 . 2011-03-13 20:58 -------- d-----w- c:\program files (x86)\Norton Internet Security
2011-03-13 20:56 . 2011-03-13 20:56 -------- d-----w- c:\users\Public\Book Place
2011-03-13 20:56 . 2011-03-13 20:56 -------- d-----w- c:\programdata\Blio
2011-03-13 20:55 . 2011-03-14 04:06 -------- d-----w- c:\programdata\Norton
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\program files (x86)\Norton PC Checkup
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\program files\Norton PC Checkup
2011-03-13 20:55 . 2011-03-13 20:57 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\program files (x86)\Toshiba Online Backup
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\program files (x86)\TOSHIBA Corporation
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\program files\Intuit
2011-03-13 20:55 . 2011-03-13 20:55 -------- d-----w- c:\program files (x86)\Intuit
2011-03-13 20:51 . 2011-03-13 20:55 -------- d-----w- c:\program files (x86)\TOSHIBA Games
2011-03-13 20:51 . 2011-03-13 20:55 -------- d-----w- c:\programdata\WildTangent
2011-03-13 20:50 . 2011-03-13 20:50 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems
2011-03-13 20:50 . 2011-03-13 20:50 -------- d-----w- c:\program files (x86)\Corel
2011-03-13 20:47 . 2009-06-23 00:06 35008 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2011-03-13 20:43 . 1999-10-13 01:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2011-03-13 20:43 . 1999-10-13 01:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2011-03-13 20:41 . 2010-02-12 22:49 877088 ----a-w- c:\windows\system32\drivers\rtl8192Ce.sys
2011-03-13 20:41 . 2011-03-13 20:41 -------- d-----w- c:\program files (x86)\Realtek WLAN Driver
2011-03-13 20:41 . 2011-03-13 20:41 -------- d-----w- c:\program files (x86)\Cisco
2011-03-13 20:40 . 2011-03-13 20:40 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2011-03-13 20:40 . 2011-03-13 20:40 -------- d-----w- c:\program files\Synaptics
2011-03-13 20:39 . 2010-02-09 02:19 8038944 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2011-03-13 20:39 . 2011-03-13 20:39 -------- d-----w- c:\program files (x86)\Realtek
2011-03-13 20:39 . 2010-02-09 04:57 239136 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2011-03-13 20:39 . 2010-02-09 02:19 8038944 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2011-03-13 20:39 . 2010-02-09 02:19 422432 ----a-w- c:\windows\system32\RtsUStor.dll
2011-03-13 20:36 . 2010-03-24 20:55 540696 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-03-13 20:33 . 2011-03-13 20:33 -------- d-----w- C:\Intel
2011-03-13 20:33 . 2011-03-13 20:33 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2011-03-13 18:50 . 2011-03-13 18:50 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-03-13 18:28 . 2011-03-14 09:30 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-03-13 18:28 . 2011-03-14 09:30 -------- d-----w- c:\program files\Symantec
2011-03-13 18:28 . 2011-03-13 18:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-03-13 18:18 . 2011-03-13 18:18 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2011-03-13 18:17 . 2011-03-13 18:18 -------- d-----w- c:\users\tanya
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-14_10.26.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-02 01:45 . 2011-03-14 10:59 34344 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-03-14 10:59 32826 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-13 18:29 . 2011-03-14 10:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-13 18:29 . 2011-03-14 09:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-13 18:29 . 2011-03-14 09:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-13 18:29 . 2011-03-14 10:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-13 18:29 . 2011-03-14 10:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-13 18:29 . 2011-03-14 09:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-13 18:29 . 2011-03-14 10:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-13 18:29 . 2011-03-14 09:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-13 18:29 . 2011-03-14 10:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-13 18:29 . 2011-03-14 09:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-13 18:29 . 2011-03-14 10:59 2908 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2630291887-2287508974-1589410634-1001_UserData.bin
- 2011-03-14 10:25 . 2011-03-14 10:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-14 10:57 . 2011-03-14 10:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-14 10:57 . 2011-03-14 10:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-14 10:25 . 2011-03-14 10:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-03-14 09:05 615360 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-03-14 11:02 615360 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-03-14 09:05 103702 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-03-14 11:02 103702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:34 . 2011-03-14 09:11 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-03-14 11:10 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-08-02 02:08 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-06-03 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-06-11 552960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 136176]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-08-02 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-03-10 1124472]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110311.001\IDSvia64.sys [2010-11-09 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1205000.07D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-01-29 103792]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 297344]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-28 132656]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 02:08]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 02:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-08-02 02:08 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Teco"="%ProgramFiles%\TOSHIBA\TECO\Teco.exe" [BU]
"SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-14 07:32:27
ComboFix-quarantined-files.txt 2011-03-14 11:32
ComboFix2.txt 2011-03-14 11:24
ComboFix3.txt 2011-03-14 10:28
.
Pre-Run: 281,310,199,808 bytes free
Post-Run: 281,263,960,064 bytes free
.
- - End Of File - - 67B79B4AD44B9A9DF6957CBD885E1FE5

This is the log from after I turned on the internet. The only change was that ComboFix had updated. The virus was still active after the 1st run with the internet off.

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please try using your PC in Safe Mode. Does it happen in Safe Mode too?

Please restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
