Windows 7 Redirect Virus


#1
lkaz

Hello - I am experiencing symptoms of the Redirect Virus. I have performed the operations listed on a previous post.
I am also getting a repeated IE warning that a website wants to download a file associated with Rundll32. I tell it NOT to download.

Thanks so much for any help you can give me.
Linda K.

I will post the results below in this order:

OTL Extras logfile
OTL logfile
TDSS rootkit
aswMBR


OTL Extras logfile created on: 8/31/2011 6:53:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Users\Linda\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 44.56% Memory free
7.49 Gb Paging File | 5.30 Gb Available in Paging File | 70.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.42 Gb Total Space | 414.41 Gb Free Space | 91.39% Space Free | Partition Type: NTFS
Drive E: | 247.22 Mb Total Space | 7.80 Mb Free Space | 3.15% Space Free | Partition Type: FAT

Computer Name: LINDA-PC | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java™ 7 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE3DFCA2-6F42-509D-555C-68A923314062}" = ATI Catalyst Install Manager
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech
"{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese
"{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek
"{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista
"{6DBDC768-CE21-4F59-A819-1CFD5D97C84B}" = Verizon Wireless MiFi-2200 Firmware Updates
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{780F9A1C-6BFE-4691-83A9-095D859E3052}" = VZAccess Manager
"{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian
"{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help Italian
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean
"{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German
"{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English
"{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
"{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai
"{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish
"{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19553C5-F843-4C27-BF9F-9DE4D901B895}" = Verizon Mobile Broadband Drivers
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"FileHippo.com" = FileHippo.com Update Checker
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SpywareBlaster_is1" = SpywareBlaster 4.4
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2011 5:16:30 PM | Computer Name = Linda-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16700 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 598 Start
Time: 01cbb32c0f41461f Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 2/21/2011 5:27:58 PM | Computer Name = Linda-PC | Source = Application Error | ID = 1000
Description = Faulting application name: VZAccess Manager.exe, version: 7.2.7.1,
time stamp: 0x4b5a63a0 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7ab86 Exception code: 0xc0000374 Fault offset: 0x000cea27 Faulting
process id: 0x1b38 Faulting application start time: 0x01cbd130ffa2f436 Faulting application
path: C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
Faulting
module path: C:\windows\SysWOW64\ntdll.dll Report Id: 73943e12-3e01-11e0-b715-88ae1d5a8347

Error - 5/15/2011 2:38:18 PM | Computer Name = Linda-PC | Source = Application Hang | ID = 1002
Description = The program OIS.EXE version 14.0.4750.1000 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 16f8 Start
Time: 01cc132dfc3a3a15 Termination Time: 0 Application Path: C:\Program Files (x86)\Microsoft
Office\Office14\OIS.EXE Report Id: 73d620f4-7f22-11e0-b058-88ae1d5a8347

Error - 5/24/2011 2:36:00 PM | Computer Name = Linda-PC | Source = Application Error | ID = 1000
Description = Faulting application name: 0.3731283353860232.exe, version: 5.1.2600.5698,
time stamp: 0x4ddbd56d Faulting module name: 0.3731283353860232.exe, version: 5.1.2600.5698,
time stamp: 0x4ddbd56d Exception code: 0xc0000005 Fault offset: 0x0000145f Faulting
process id: 0x253c Faulting application start time: 0x01cc1a416a3c28a1 Faulting application
path: E:\Homeschool 2010-2011\0.3731283353860232.exe Faulting module path: E:\Homeschool
2010-2011\0.3731283353860232.exe Report Id: abc22d32-8634-11e0-b058-88ae1d5a8347

Error - 5/24/2011 2:36:12 PM | Computer Name = Linda-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
time stamp: 0x4d65d5c3 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x67676767 Faulting process id:
0x1ddc Faulting application start time: 0x01cc1a3e6ae67ca3 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: b2b4511d-8634-11e0-b058-88ae1d5a8347

Error - 6/29/2011 11:08:53 AM | Computer Name = Linda-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16800 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 16e8 Start
Time: 01cc30f9df671dc1 Termination Time: 1701 Application Path: C:\Program Files
(x86)\Internet Explorer\iexplore.exe Report Id:

[ Media Center Events ]
Error - 8/29/2011 11:59:22 AM | Computer Name = Linda-PC | Source = MCUpdate | ID = 0
Description = 11:59:20 AM - Error connecting to the internet. 11:59:20 AM - Unable
to contact server..

Error - 8/29/2011 12:59:27 PM | Computer Name = Linda-PC | Source = MCUpdate | ID = 0
Description = 12:59:25 PM - Error connecting to the internet. 12:59:25 PM - Unable
to contact server..

Error - 8/30/2011 8:33:42 AM | Computer Name = Linda-PC | Source = MCUpdate | ID = 0
Description = 8:33:39 AM - Error connecting to the internet. 8:33:39 AM - Unable
to contact server..

Error - 8/30/2011 4:27:39 PM | Computer Name = Linda-PC | Source = MCUpdate | ID = 0
Description = 4:27:39 PM - Error connecting to the internet. 4:27:39 PM - Unable
to contact server..

Error - 8/30/2011 4:27:48 PM | Computer Name = Linda-PC | Source = MCUpdate | ID = 0
Description = 4:27:44 PM - Error connecting to the internet. 4:27:44 PM - Unable
to contact server..

Error - 8/31/2011 8:56:54 AM | Computer Name = Linda-PC | Source = MCUpdate | ID = 0
Description = 8:56:54 AM - Error connecting to the internet. 8:56:54 AM - Unable
to contact server..

Error - 8/31/2011 8:57:01 AM | Computer Name = Linda-PC | Source = MCUpdate | ID = 0
Description = 8:56:59 AM - Error connecting to the internet. 8:56:59 AM - Unable
to contact server..

Error - 8/31/2011 9:57:15 AM | Computer Name = Linda-PC | Source = MCUpdate | ID = 0
Description = 9:57:14 AM - Error connecting to the internet. 9:57:14 AM - Unable
to contact server..

Error - 8/31/2011 9:58:05 AM | Computer Name = Linda-PC | Source = MCUpdate | ID = 0
Description = 9:57:26 AM - Error connecting to the internet. 9:57:26 AM - Unable
to contact server..

Error - 8/31/2011 2:33:41 PM | Computer Name = Linda-PC | Source = MCUpdate | ID = 0
Description = 2:33:39 PM - Error connecting to the internet. 2:33:39 PM - Unable
to contact server..

[ System Events ]
Error - 8/18/2011 3:41:51 PM | Computer Name = Linda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR6.

Error - 8/18/2011 3:41:51 PM | Computer Name = Linda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR6.

Error - 8/19/2011 12:21:43 PM | Computer Name = Linda-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.111.129.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 8/19/2011 7:38:38 PM | Computer Name = Linda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR8.

Error - 8/19/2011 7:38:38 PM | Computer Name = Linda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR8.

Error - 8/19/2011 7:38:39 PM | Computer Name = Linda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR8.

Error - 8/22/2011 9:47:39 AM | Computer Name = Linda-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.111.339.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 8/22/2011 9:28:08 PM | Computer Name = Linda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR10.

Error - 8/22/2011 9:28:08 PM | Computer Name = Linda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR10.

Error - 8/22/2011 9:28:09 PM | Computer Name = Linda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR10.


< End of report >

******************************************************************************************************************************************

OTL logfile created on: 8/31/2011 6:53:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Users\Linda\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 44.56% Memory free
7.49 Gb Paging File | 5.30 Gb Available in Paging File | 70.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.42 Gb Total Space | 414.41 Gb Free Space | 91.39% Space Free | Partition Type: NTFS
Drive E: | 247.22 Mb Total Space | 7.80 Mb Free Space | 3.15% Space Free | Partition Type: FAT

Computer Name: LINDA-PC | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/31 18:51:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.scr
PRC - [2010/12/09 13:40:04 | 003,826,968 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
PRC - [2010/09/17 14:45:53 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2009/12/25 18:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/30 06:19:44 | 000,114,688 | ---- | M] () -- C:\Users\Linda\AppData\Local\advGLARM\MSNAuthenticationserv.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/04/06 17:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/03/15 12:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/14 11:00:48 | 000,270,848 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe -- (NWVZHelper)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/08 10:52:32 | 000,256,512 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/07/08 10:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2_000.sys -- (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN)
DRV:64bit: - [2010/07/08 10:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser_000.sys -- (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN)
DRV:64bit: - [2010/07/08 10:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm_000.sys -- (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN)
DRV:64bit: - [2010/07/08 10:52:32 | 000,025,600 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
DRV:64bit: - [2010/04/28 14:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/03/15 13:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 12:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/12 17:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/07 12:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/02 18:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/31 00:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSND&bmod=TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weat...d2=-81.9642&e=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [MSNAuthenticationserv] C:\Users\Linda\AppData\Local\advGLARM\MSNAuthenticationserv.dll ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{08019d3c-d3d8-11df-ac5d-88ae1d5a8347}\Shell - "" = AutoRun
O33 - MountPoints2\{08019d3c-d3d8-11df-ac5d-88ae1d5a8347}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{08019d4b-d3d8-11df-ac5d-88ae1d5a8347}\Shell - "" = AutoRun
O33 - MountPoints2\{08019d4b-d3d8-11df-ac5d-88ae1d5a8347}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{08019e8b-d3d8-11df-ac5d-88ae1d5a8347}\Shell - "" = AutoRun
O33 - MountPoints2\{08019e8b-d3d8-11df-ac5d-88ae1d5a8347}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O33 - MountPoints2\{38c1b97d-b09e-11e0-acd6-88ae1d5a8347}\Shell - "" = AutoRun
O33 - MountPoints2\{38c1b97d-b09e-11e0-acd6-88ae1d5a8347}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{4bea8733-e51f-11df-bc8a-88ae1d5a8347}\Shell - "" = AutoRun
O33 - MountPoints2\{4bea8733-e51f-11df-bc8a-88ae1d5a8347}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\welcome.htm
O33 - MountPoints2\{5f6ae253-a342-11e0-acaf-88ae1d5a8347}\Shell - "" = AutoRun
O33 - MountPoints2\{5f6ae253-a342-11e0-acaf-88ae1d5a8347}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\welcome.htm
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/31 18:50:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.scr
[2011/08/31 16:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/08/31 16:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/08/31 15:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2011/08/31 15:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/08/31 15:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2011/08/31 15:38:28 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/31 15:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/31 15:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/29 20:16:47 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\advGLARM
[2011/08/29 20:07:35 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\SetUp Files
[2011/08/29 13:59:21 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Skype
[2011/08/29 13:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/29 13:59:13 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/08/29 13:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/08/23 10:37:37 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\ElevatedDiagnostics
[2011/08/23 10:16:21 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/08/22 20:59:07 | 000,000,000 | ---D | C] -- C:\Music MP3
[2011/08/20 08:22:05 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\Archeology
[2011/08/16 09:41:13 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\GE
[2011/08/11 18:31:38 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2011/08/11 18:31:07 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/31 18:51:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.scr
[2011/08/31 18:24:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/31 18:07:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/31 16:14:59 | 000,001,984 | ---- | M] () -- C:\Users\Linda\Desktop\Update Checker.lnk
[2011/08/31 15:42:46 | 000,001,018 | ---- | M] () -- C:\Users\Linda\Desktop\SpywareBlaster.lnk
[2011/08/31 15:38:28 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 11:21:37 | 000,000,000 | -H-- | M] () -- C:\Users\Linda\Documents\Default.rdp
[2011/08/31 10:24:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/30 12:43:20 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 12:43:20 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 12:35:46 | 3016,503,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/29 13:59:16 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/29 13:13:15 | 000,007,601 | ---- | M] () -- C:\Users\Linda\AppData\Local\Resmon.ResmonCfg
[2011/08/26 11:49:20 | 000,000,173 | ---- | M] () -- C:\Users\Linda\AppData\Local\msmathematics.qat.Linda
[2011/08/23 11:09:45 | 000,729,688 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/08/23 11:09:45 | 000,626,278 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/08/23 11:09:45 | 000,107,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/08/23 09:39:03 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/08/23 09:38:48 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/08/18 11:54:36 | 000,009,132 | -HS- | M] () -- C:\Users\Linda\AppData\Local\7w3r8gvdy50kjw603x4x2e47uo344v2gr0
[2011/08/16 09:26:57 | 000,414,656 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/08/08 11:40:24 | 000,009,254 | -HS- | M] () -- C:\ProgramData\7w3r8gvdy50kjw603x4x2e47uo344v2gr0
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/31 16:07:40 | 000,002,014 | ---- | C] () -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2011/08/31 16:07:40 | 000,001,984 | ---- | C] () -- C:\Users\Linda\Desktop\Update Checker.lnk
[2011/08/31 15:42:46 | 000,001,018 | ---- | C] () -- C:\Users\Linda\Desktop\SpywareBlaster.lnk
[2011/08/31 15:38:28 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 11:21:37 | 000,000,000 | -H-- | C] () -- C:\Users\Linda\Documents\Default.rdp
[2011/08/29 13:59:16 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/29 13:11:14 | 000,007,601 | ---- | C] () -- C:\Users\Linda\AppData\Local\Resmon.ResmonCfg
[2011/08/23 10:34:16 | 000,001,307 | ---- | C] () -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/08/08 11:33:05 | 000,009,254 | -HS- | C] () -- C:\ProgramData\7w3r8gvdy50kjw603x4x2e47uo344v2gr0
[2011/08/08 11:33:05 | 000,009,132 | -HS- | C] () -- C:\Users\Linda\AppData\Local\7w3r8gvdy50kjw603x4x2e47uo344v2gr0
[2011/07/24 14:33:04 | 000,000,173 | ---- | C] () -- C:\Users\Linda\AppData\Local\msmathematics.qat.Linda
[2011/07/08 11:21:42 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/07/07 17:03:24 | 000,000,176 | ---- | C] () -- C:\ProgramData\~36757240r
[2011/07/07 17:03:23 | 000,000,232 | ---- | C] () -- C:\ProgramData\~36757240
[2011/07/07 17:03:13 | 000,000,344 | ---- | C] () -- C:\ProgramData\36757240
[2011/07/07 14:59:16 | 000,000,336 | ---- | C] () -- C:\ProgramData\37412600
[2010/09/17 14:33:46 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2010/09/17 14:29:07 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/09/17 14:26:46 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2009/04/28 07:37:00 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2011/08/18 13:15:34 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Smith Micro
[2010/10/09 16:50:23 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Toshiba
[2010/10/09 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\WinBatch
[2011/04/12 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Windows Live Writer
[2009/07/14 01:08:49 | 000,014,950 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< %systemroot%\*. /mp /s >

< >

< End of report >
**************************************************************************************

2011/08/31 19:05:07.0292 2956 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/31 19:05:08.0009 2956 ================================================================================
2011/08/31 19:05:08.0009 2956 SystemInfo:
2011/08/31 19:05:08.0009 2956
2011/08/31 19:05:08.0009 2956 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/31 19:05:08.0009 2956 Product type: Workstation
2011/08/31 19:05:08.0009 2956 ComputerName: LINDA-PC
2011/08/31 19:05:08.0009 2956 UserName: Linda
2011/08/31 19:05:08.0009 2956 Windows directory: C:\windows
2011/08/31 19:05:08.0009 2956 System windows directory: C:\windows
2011/08/31 19:05:08.0009 2956 Running under WOW64
2011/08/31 19:05:08.0009 2956 Processor architecture: Intel x64
2011/08/31 19:05:08.0009 2956 Number of processors: 2
2011/08/31 19:05:08.0009 2956 Page size: 0x1000
2011/08/31 19:05:08.0009 2956 Boot type: Normal boot
2011/08/31 19:05:08.0009 2956 ================================================================================
2011/08/31 19:05:09.0117 2956 Initialize success
2011/08/31 19:05:18.0742 4552 ================================================================================
2011/08/31 19:05:18.0742 4552 Scan started
2011/08/31 19:05:18.0742 4552 Mode: Manual;
2011/08/31 19:05:18.0742 4552 ================================================================================
2011/08/31 19:05:50.0332 4552 ================================================================================
2011/08/31 19:05:50.0332 4552 Scan finished
2011/08/31 19:05:50.0332 4552 ================================================================================
2011/08/31 19:05:50.0348 2924 Detected object count: 0
2011/08/31 19:05:50.0348 2924 Actual detected object count: 0

*****************************************************************************

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-08-31 19:08:01
-----------------------------
19:08:01.755 OS Version: Windows x64 6.1.7601 Service Pack 1
19:08:01.755 Number of processors: 2 586 0x603
19:08:01.755 ComputerName: LINDA-PC UserName: Linda
19:08:03.221 Initialize success
19:08:12.945 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
19:08:12.945 Disk 0 Vendor: TOSHIBA_ GC00 Size: 476940MB BusType: 11
19:08:12.961 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000083
19:08:12.961 Disk 1 Vendor: Size: 476940MB BusType: 0
19:08:15.051 Disk 0 MBR read successfully
19:08:15.051 Disk 0 MBR scan
19:08:15.067 Disk 0 Windows VISTA default MBR code
19:08:15.067 Service scanning
19:08:15.769 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:08:16.362 Modules scanning
19:08:16.362 Disk 0 trace - called modules:
19:08:16.408 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800438fee0]<<
19:08:16.408 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c6a060]
19:08:16.424 Scan finished successfully
19:09:10.546 Disk 0 MBR has been saved successfully to "C:\Users\Linda\Desktop\MBR.dat"
19:09:10.561 The log file has been saved successfully to "C:\Users\Linda\Desktop\aswMBR.txt"
  • 0



#2
lkaz

lkaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
I followed the directions from this post: http://www.geekstogo...s-in-windows-7/

In aswMBR:

This is YELLOW
19:08:15.769 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

This is RED
19:08:16.408 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800438fee0]<<

Edited by lkaz, 31 August 2011 - 07:21 PM.

  • 0

#3
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello lkaz and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed
Step 1

Can you please ZIP this file

C:\Users\Linda\Desktop\MBR.dat

and attach it in your next reply.

Step 2

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{08019d3c-d3d8-11df-ac5d-88ae1d5a8347}\Shell - "" = AutoRun
    O33 - MountPoints2\{08019d3c-d3d8-11df-ac5d-88ae1d5a8347}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
    O33 - MountPoints2\{08019d4b-d3d8-11df-ac5d-88ae1d5a8347}\Shell - "" = AutoRun
    O33 - MountPoints2\{08019d4b-d3d8-11df-ac5d-88ae1d5a8347}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
    O33 - MountPoints2\{08019e8b-d3d8-11df-ac5d-88ae1d5a8347}\Shell - "" = AutoRun
    O33 - MountPoints2\{08019e8b-d3d8-11df-ac5d-88ae1d5a8347}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
    O33 - MountPoints2\{38c1b97d-b09e-11e0-acd6-88ae1d5a8347}\Shell - "" = AutoRun
    O33 - MountPoints2\{38c1b97d-b09e-11e0-acd6-88ae1d5a8347}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
    O33 - MountPoints2\{4bea8733-e51f-11df-bc8a-88ae1d5a8347}\Shell - "" = AutoRun
    O33 - MountPoints2\{4bea8733-e51f-11df-bc8a-88ae1d5a8347}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\welcome.htm
    O33 - MountPoints2\{5f6ae253-a342-11e0-acaf-88ae1d5a8347}\Shell - "" = AutoRun
    O33 - MountPoints2\{5f6ae253-a342-11e0-acaf-88ae1d5a8347}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\welcome.htm
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
    [2011/08/18 11:54:36 | 000,009,132 | -HS- | M] () -- C:\Users\Linda\AppData\Local\7w3r8gvdy50kjw603x4x2e47uo344v2gr0
    [2011/08/08 11:40:24 | 000,009,254 | -HS- | M] () -- C:\ProgramData\7w3r8gvdy50kjw603x4x2e47uo344v2gr0
    [2011/07/07 17:03:24 | 000,000,176 | ---- | C] () -- C:\ProgramData\~36757240r
    [2011/07/07 17:03:23 | 000,000,232 | ---- | C] () -- C:\ProgramData\~36757240
    [2011/07/07 17:03:13 | 000,000,344 | ---- | C] () -- C:\ProgramData\36757240
    [2011/07/07 14:59:16 | 000,000,336 | ---- | C] () -- C:\ProgramData\37412600

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • A text file named MBRCheck[date].txt will be generated on your desktop
  • Now paste that text here for me.
Step 4

Please don't forget to include these items in your reply:

  • Zipped MBR.dat file
  • OTL fix log
  • MBRCheck log
It would be helpful if you could post each log in a separate post.
  • 0
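An added triage script (example code written for this edit, not part of OTL or of maliprog's instructions) that parses the two kinds of OTL entries the fix script above targets, MountPoints2 AutoRun commands and hidden or random-named files under ProgramData/AppData, and reports why each one deserves a look. The heuristics (RunDLL32/ShellExec_RunDLL indirection, script or web-page targets, hidden+system attributes, extensionless high-entropy names) are this example's own assumptions, and the benign readme.txt sample line is constructed.

```python
"""Heuristic triage of OTL log entries: O33 MountPoints2 AutoRun commands and
files with hidden/system attributes or random names under ProgramData/AppData."""
import math
import re
from collections import Counter
from dataclasses import dataclass, field

# An AutoRun\command value cached in MountPoints2 for a removable volume.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# A file entry: [date time | size | attributes | C(reated)/M(odified)] () -- path
FILE_RE = re.compile(
    r'^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[-A-Z]{4})'
    r'\s*\|\s*(?P<flag>[CM])\]\s*\(\)\s*--\s*(?P<path>.+)$')
# User-writable locations where droppers commonly park files (assumed list).
DATA_DIRS = ("\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\")
SCRIPT_EXT_RE = re.compile(r"\.(htm|html|vbs|js|bat|cmd|scr)\b")

# Lines taken from the OTL output quoted in this thread, plus one constructed
# benign file line so the negative case is exercised.
SAMPLE_LOG = r"""
O33 - MountPoints2\{08019d3c-d3d8-11df-ac5d-88ae1d5a8347}\Shell - "" = AutoRun
O33 - MountPoints2\{08019d3c-d3d8-11df-ac5d-88ae1d5a8347}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{4bea8733-e51f-11df-bc8a-88ae1d5a8347}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\welcome.htm
[2011/08/18 11:54:36 | 000,009,132 | -HS- | M] () -- C:\Users\Linda\AppData\Local\7w3r8gvdy50kjw603x4x2e47uo344v2gr0
[2011/07/07 17:03:24 | 000,000,176 | ---- | C] () -- C:\ProgramData\~36757240r
[2011/07/07 17:03:13 | 000,000,344 | ---- | C] () -- C:\Program Files\Notepad\readme.txt
"""


@dataclass
class Finding:
    kind: str                 # "autorun" or "file"
    subject: str              # the command line or the file path
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        return "high" if self.reasons else "low"


def _entropy(s: str) -> float:
    """Shannon entropy in bits per character of a file name."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values()) if s else 0.0


def _autorun_reasons(cmd: str) -> list:
    low = cmd.lower()
    reasons = []
    if "rundll32" in low and "shellexec_rundll" in low:
        reasons.append("launches its target through RunDLL32/ShellExec_RunDLL, "
                       "hiding the real target behind a trusted Windows binary")
    if SCRIPT_EXT_RE.search(low):
        reasons.append("AutoRun target is a web page or script rather than an installer")
    if any(d in low for d in DATA_DIRS):
        reasons.append("AutoRun target lives under a user data directory")
    return reasons


def _file_reasons(attr: str, path: str) -> list:
    low = path.lower()
    if not any(d in low for d in DATA_DIRS):
        return []          # only user-writable data directories are scored
    name = path.rsplit("\\", 1)[-1]
    reasons = []
    if "H" in attr and "S" in attr:
        reasons.append("hidden+system attributes on a file in a user-writable directory")
    if "." not in name and re.fullmatch(r"[~A-Za-z0-9]{8,}", name):
        reasons.append("extensionless random-looking file name")
    if _entropy(name) > 3.5:
        reasons.append("high-entropy file name (%.2f bits/char)" % _entropy(name))
    return reasons


def triage(log_text: str) -> list:
    """Return a Finding for every AutoRun command and for every data-directory
    file that trips at least one heuristic; benign-looking files are skipped."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()      # tolerate the indentation used in OTL fix scripts
        m = O33_RE.match(line)
        if m:
            findings.append(Finding("autorun", m.group("cmd"), _autorun_reasons(m.group("cmd"))))
            continue
        m = FILE_RE.match(line)
        if m:
            reasons = _file_reasons(m.group("attr"), m.group("path"))
            if reasons:
                findings.append(Finding("file", m.group("path"), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.subject}")
        for r in f.reasons:
            print("    -", r)
```

The VZAccess Manager AutoRun entry scores low because a vendor installer on a removable modem is expected; the RunDLL32 line scores high for the same indirection the thread's IE warning about Rundll32 hints at.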

#4
lkaz

lkaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hi maliprog -thanks for your help.

(1.) MBR.dat

3ĄˇŠ¼

That's all that is in there - I used a file opener program to open it.

(2.) OTL fix log

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08019d3c-d3d8-11df-ac5d-88ae1d5a8347}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08019d3c-d3d8-11df-ac5d-88ae1d5a8347}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08019d3c-d3d8-11df-ac5d-88ae1d5a8347}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08019d3c-d3d8-11df-ac5d-88ae1d5a8347}\ not found.
File E:\VZAccess_Manager.exe /z detect not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08019d4b-d3d8-11df-ac5d-88ae1d5a8347}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08019d4b-d3d8-11df-ac5d-88ae1d5a8347}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08019d4b-d3d8-11df-ac5d-88ae1d5a8347}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08019d4b-d3d8-11df-ac5d-88ae1d5a8347}\ not found.
File E:\VZAccess_Manager.exe /z detect not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08019e8b-d3d8-11df-ac5d-88ae1d5a8347}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08019e8b-d3d8-11df-ac5d-88ae1d5a8347}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08019e8b-d3d8-11df-ac5d-88ae1d5a8347}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08019e8b-d3d8-11df-ac5d-88ae1d5a8347}\ not found.
File E:\WIN\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38c1b97d-b09e-11e0-acd6-88ae1d5a8347}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38c1b97d-b09e-11e0-acd6-88ae1d5a8347}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38c1b97d-b09e-11e0-acd6-88ae1d5a8347}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38c1b97d-b09e-11e0-acd6-88ae1d5a8347}\ not found.
File E:\VZAccess_Manager.exe /z detect not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bea8733-e51f-11df-bc8a-88ae1d5a8347}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bea8733-e51f-11df-bc8a-88ae1d5a8347}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bea8733-e51f-11df-bc8a-88ae1d5a8347}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bea8733-e51f-11df-bc8a-88ae1d5a8347}\ not found.
File C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\welcome.htm not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f6ae253-a342-11e0-acaf-88ae1d5a8347}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f6ae253-a342-11e0-acaf-88ae1d5a8347}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f6ae253-a342-11e0-acaf-88ae1d5a8347}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f6ae253-a342-11e0-acaf-88ae1d5a8347}\ not found.
File C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\welcome.htm not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\VZAccess_Manager.exe /z detect not found.
C:\Users\Linda\AppData\Local\7w3r8gvdy50kjw603x4x2e47uo344v2gr0 moved successfully.
C:\ProgramData\7w3r8gvdy50kjw603x4x2e47uo344v2gr0 moved successfully.
C:\ProgramData\~36757240r moved successfully.
C:\ProgramData\~36757240 moved successfully.
C:\ProgramData\36757240 moved successfully.
C:\ProgramData\37412600 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Linda\Desktop\Virus Removal\cmd.bat deleted successfully.
C:\Users\Linda\Desktop\Virus Removal\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Linda
->Temp folder emptied: 110372697 bytes
->Temporary Internet Files folder emptied: 219753185 bytes
->Java cache emptied: 8757824 bytes
->Flash cache emptied: 145121 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70530420 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 391.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Linda
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.7 log created on 09012011_091749

Files\Folders moved on Reboot...
C:\Users\Linda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Linda\AppData\Local\Temp\~DF8A92AEEFA78E7312.TMP not found!
File\Folder C:\Users\Linda\AppData\Local\Temp\~DFB89D12BA5C9B4432.TMP not found!
File\Folder C:\Users\Linda\AppData\Local\Temp\~DFFE040AC3EFFCA0BA.TMP not found!
File\Folder C:\Users\Linda\AppData\Local\Temp\~DFFFF41036969F68AC.TMP not found!
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W520I6KY\likeCAA4YHNG.htm moved successfully.
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W520I6KY\login_statusCA9QX9WH.htm moved successfully.
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W520I6KY\tc_at12[1].htm moved successfully.
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N9QFXM9E\01[2].htm not found!
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N9QFXM9E\fastbuttonCAAQO9C9.htm moved successfully.
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N9QFXM9E\login_statusCAVC7AWH.htm moved successfully.
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N9QFXM9E\mail[3].htm not found!
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N9QFXM9E\page__pid__2055969[1].htm moved successfully.
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N9QFXM9E\refresh[1].htm moved successfully.
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N9QFXM9E\windows-7[1].htm not found!
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MH5344NN\ADSAdClient31[1].htm not found!
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MH5344NN\mail[5].htm moved successfully.
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KYIR76ET\mail[3].htm not found!
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G5ZEYVCW\windows-7[1].htm moved successfully.
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CX98XCGW\01[3].htm not found!
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CX98XCGW\ADSAdClient31[1].htm not found!
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CX98XCGW\mail[9].htm not found!
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CX98XCGW\openhand[1].cur moved successfully.
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CX98XCGW\weather_gov[1].htm moved successfully.
File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5PW3NWDF\likeCA2ZT1EH.htm not found!
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5PW3NWDF\protect-pc[1].htm moved successfully.
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5PW3NWDF\verizonapex-book-webfont[1].eot moved successfully.
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5PW3NWDF\vzw_jquery[1].css moved successfully.
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0OEA3TWF\mail[3].htm moved successfully.

Registry entries deleted on Reboot...
  • 0

#5
lkaz

lkaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
(3.) MBRcheck

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite L675D
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 200):
0x0300D000 \SystemRoot\system32\ntoskrnl.exe
0x035F6000 \SystemRoot\system32\hal.dll
0x00B99000 \SystemRoot\system32\kdcom.dll
0x00C61000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C6E000 \SystemRoot\system32\PSHED.dll
0x00C82000 \SystemRoot\system32\CLFS.SYS
0x00CE0000 \SystemRoot\system32\CI.dll
0x00E9C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F40000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F4F000 \SystemRoot\system32\drivers\ACPI.sys
0x00FA6000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FAF000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FB9000 \SystemRoot\system32\drivers\pci.sys
0x00FEC000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E00000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x00E0F000 \SystemRoot\System32\drivers\partmgr.sys
0x00E24000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E2D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E39000 \SystemRoot\system32\drivers\volmgr.sys
0x00DA0000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E4E000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E68000 \SystemRoot\system32\drivers\pciide.sys
0x00E6F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E7F000 \SystemRoot\system32\drivers\atapi.sys
0x00C00000 \SystemRoot\system32\drivers\ataport.SYS
0x00E88000 \SystemRoot\system32\drivers\msahci.sys
0x00C2A000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x0104E000 \SystemRoot\system32\DRIVERS\storport.sys
0x010B1000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010BC000 \SystemRoot\system32\drivers\fltmgr.sys
0x01108000 \SystemRoot\system32\drivers\fileinfo.sys
0x01210000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0111C000 \SystemRoot\System32\Drivers\msrpc.sys
0x013B3000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0117A000 \SystemRoot\System32\Drivers\cng.sys
0x013CE000 \SystemRoot\System32\drivers\pcw.sys
0x013DF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01434000 \SystemRoot\system32\drivers\ndis.sys
0x01527000 \SystemRoot\system32\drivers\NETIO.SYS
0x01587000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016B4000 \SystemRoot\System32\drivers\tcpip.sys
0x018B8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01902000 \SystemRoot\system32\drivers\volsnap.sys
0x0194E000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x01953000 \SystemRoot\System32\Drivers\spldr.sys
0x0195B000 \SystemRoot\System32\drivers\rdyboost.sys
0x01995000 \SystemRoot\System32\Drivers\mup.sys
0x019A7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x019B0000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x019EA000 \SystemRoot\system32\DRIVERS\disk.sys
0x01600000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01630000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x01677000 \SystemRoot\system32\drivers\cdrom.sys
0x015B2000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x016A1000 \SystemRoot\System32\Drivers\Null.SYS
0x016AA000 \SystemRoot\System32\Drivers\Beep.SYS
0x015E3000 \SystemRoot\System32\drivers\vga.sys
0x01400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x013E9000 \SystemRoot\System32\drivers\watchdog.sys
0x01425000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x015F1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01200000 \SystemRoot\system32\drivers\rdprefmp.sys
0x011EC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01000000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01011000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01033000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03A11000 \SystemRoot\system32\drivers\afd.sys
0x03A9A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03ADF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03AE8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B0E000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B24000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B33000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03B4E000 \SystemRoot\system32\drivers\termdd.sys
0x03B62000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03BB3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03BBF000 \SystemRoot\system32\drivers\mssmbios.sys
0x03BCA000 \SystemRoot\System32\drivers\discache.sys
0x03BD9000 \SystemRoot\System32\Drivers\dfsc.sys
0x03A00000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02C92000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02CB8000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x0489D000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x04F0C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04800000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04846000 \SystemRoot\system32\drivers\HDAudBus.sys
0x02CEC000 \SystemRoot\system32\DRIVERS\rtl8192Ce.sys
0x0486A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x02C00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04877000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x04881000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0407F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x040D5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x040E6000 \SystemRoot\system32\drivers\i8042prt.sys
0x04104000 \SystemRoot\system32\drivers\kbdclass.sys
0x04113000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04118000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0416A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0416C000 \SystemRoot\system32\drivers\mouclass.sys
0x0417B000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x04190000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x04197000 \SystemRoot\system32\drivers\CompositeBus.sys
0x041A7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x041BD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x041E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04000000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0402F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0404A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02C51000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0406B000 \SystemRoot\system32\drivers\swenum.sys
0x04236000 \SystemRoot\system32\drivers\ks.sys
0x04279000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x042BD000 \SystemRoot\system32\drivers\umbus.sys
0x042CF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04329000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0433E000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x04371000 \SystemRoot\system32\drivers\portcls.sys
0x043AE000 \SystemRoot\system32\drivers\drmk.sys
0x043D0000 \SystemRoot\system32\drivers\ksthunk.sys
0x05808000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x05A38000 \SystemRoot\System32\drivers\Dxapi.sys
0x05A44000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05A52000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x05A5C000 \SystemRoot\System32\Drivers\dump_amdsata.sys
0x05A70000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05A83000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x05A9E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05ABB000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05AE9000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x05AF0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004F0000 \SystemRoot\System32\TSDDD.dll
0x05AFE000 \SystemRoot\system32\drivers\hidusb.sys
0x05B0C000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x05B25000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x05B2E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00610000 \SystemRoot\System32\cdd.dll
0x05B3B000 \SystemRoot\system32\drivers\luafv.sys
0x05B5E000 \SystemRoot\system32\drivers\WudfPf.sys
0x05B7F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05B94000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05BE7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x043D6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x043EE000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x03802000 \SystemRoot\system32\drivers\HTTP.sys
0x038CB000 \SystemRoot\System32\Drivers\fastfat.SYS
0x03901000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0391F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03937000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03964000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x039B2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0622C000 \SystemRoot\system32\drivers\peauth.sys
0x062D2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x062DD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0630E000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06320000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07033000 \SystemRoot\System32\DRIVERS\srv.sys
0x070CB000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x070E3000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x07185000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x07114000 \SystemRoot\System32\Drivers\RtsUStor.sys
0x779B0000 \Windows\System32\ntdll.dll
0x47A40000 \Windows\System32\smss.exe
0xFFCD0000 \Windows\System32\apisetschema.dll
0xFF780000 \Windows\System32\autochk.exe
0xFFBB0000 \Windows\System32\msctf.dll
0xFFB90000 \Windows\System32\sechost.dll
0xFFB20000 \Windows\System32\gdi32.dll
0xFFA80000 \Windows\System32\comdlg32.dll
0xFF9A0000 \Windows\System32\oleaut32.dll
0xFF990000 \Windows\System32\lpk.dll
0x77B80000 \Windows\System32\normaliz.dll
0xFF7B0000 \Windows\System32\setupapi.dll
0xFF680000 \Windows\System32\rpcrt4.dll
0xFF5B0000 \Windows\System32\usp10.dll
0xFF5A0000 \Windows\System32\nsi.dll
0xFF540000 \Windows\System32\Wldap32.dll
0xFF4C0000 \Windows\System32\difxapi.dll
0x778B0000 \Windows\System32\user32.dll
0xFF4A0000 \Windows\System32\imagehlp.dll
0x77B70000 \Windows\System32\psapi.dll
0xFE710000 \Windows\System32\shell32.dll
0xFE5E0000 \Windows\System32\wininet.dll
0xFE560000 \Windows\System32\shlwapi.dll
0xFE530000 \Windows\System32\imm32.dll
0xFE3B0000 \Windows\System32\urlmon.dll
0xFE360000 \Windows\System32\ws2_32.dll
0xFE2C0000 \Windows\System32\msvcrt.dll
0xFE220000 \Windows\System32\clbcatq.dll
0xFE010000 \Windows\System32\ole32.dll
0x77790000 \Windows\System32\kernel32.dll
0xFDF30000 \Windows\System32\advapi32.dll
0xFDCD0000 \Windows\System32\iertutil.dll
0xFDC90000 \Windows\System32\wintrust.dll
0xFDBF0000 \Windows\System32\comctl32.dll
0xFDBD0000 \Windows\System32\devobj.dll
0xFDB60000 \Windows\System32\KernelBase.dll
0xFD9F0000 \Windows\System32\crypt32.dll
0xFD9B0000 \Windows\System32\cfgmgr32.dll
0xFD9A0000 \Windows\System32\msasn1.dll

Processes (total 67):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
404 csrss.exe
468 C:\Windows\System32\wininit.exe
500 csrss.exe
532 C:\Windows\System32\services.exe
548 C:\Windows\System32\lsass.exe
556 C:\Windows\System32\lsm.exe
644 C:\Windows\System32\winlogon.exe
700 C:\Windows\System32\svchost.exe
772 C:\Windows\System32\svchost.exe
876 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
936 C:\Windows\System32\atiesrxx.exe
968 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
284 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\audiodg.exe
1120 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\atieclxx.exe
1512 C:\Windows\System32\spoolsv.exe
1556 C:\Windows\System32\svchost.exe
1648 C:\Windows\System32\svchost.exe
1760 C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
1824 C:\Windows\System32\svchost.exe
1868 C:\Windows\System32\TODDSrv.exe
1920 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2004 C:\Program Files\TOSHIBA\TECO\TecoService.exe
2040 C:\Windows\System32\SearchIndexer.exe
2140 C:\Windows\System32\dwm.exe
2164 C:\Windows\explorer.exe
2184 C:\Windows\System32\taskhost.exe
2444 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2564 WUDFHost.exe
2636 C:\Windows\System32\rundll32.exe
2816 C:\Windows\System32\svchost.exe
2096 C:\Windows\notepad.exe
1356 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1600 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
2376 C:\Program Files\Microsoft Security Client\msseces.exe
2972 C:\Program Files\Windows Sidebar\sidebar.exe
1456 C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
2960 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
2916 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
3124 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3276 C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
3508 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3776 C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
3040 C:\Program Files (x86)\Internet Explorer\iexplore.exe
388 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1912 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
2500 WmiPrvSE.exe
180 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
2724 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
3900 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
3300 C:\Windows\System32\wuauclt.exe
1572 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3916 C:\Windows\notepad.exe
1532 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
3864 C:\Windows\splwow64.exe
5100 C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
4924 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4176 C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
3696 C:\Windows\notepad.exe
4064 C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYT20WCH\MBRCheck[1].exe
3052 C:\Windows\System32\conhost.exe
3064 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK5055GSXN, Rev: GC002M

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

Edited by lkaz, 01 September 2011 - 08:00 AM.

  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please read Step 1 one more time. I said ZIP it and attach it to your next reply.

When you click the Reply button to answer me there is a Browse... button at the end of the editor. Click the Browse... button and navigate to the ZIP archive of:

C:\Users\Linda\Desktop\MBR.dat

Click the Attach This File button to add the file to your post.
  • 0

#7
lkaz

lkaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
OK - I do believe it is attached as a zip file...

Attached Files


  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Good job! Please test your system for redirection after this step.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
  • 0

#9
lkaz

lkaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
OK - ComboFix log report is below. BUT I cannot double-click on any icon and run the executable file. I must right-click and then tell it to "Run As Administrator".
The error is the same for any .exe.

Here it is when I try to load IE:
C:\ProgramFiles(x86)\Internet Explorer\iexplore.exe
Illegal operation attempted on a registry key that has been marked for deletion.


****************************************************************************************************************************************************
ComboFix 11-09-01.03 - Linda 09/01/2011 13:52:01.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2374 [GMT -4:00]
Running from: c:\users\Linda\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Linda\AppData\Local\Temp\8D02.tmp
c:\users\Linda\AppData\Roaming\Microsoft\Windows\Recent\pc app.appref-ms
.
.
((((((((((((((((((((((((( Files Created from 2011-08-01 to 2011-09-01 )))))))))))))))))))))))))))))))
.
.
2011-09-01 17:55 . 2011-09-01 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-01 13:51 . 2011-02-10 23:34 6600192 ----a-w- c:\windows\SysWow64\licprotector310.exe
2011-09-01 13:51 . 2011-09-01 13:53 -------- d-----w- c:\users\Linda\AppData\Local\Free File Opener
2011-09-01 13:51 . 2011-09-01 13:51 -------- d-----w- c:\program files (x86)\Free File Opener
2011-09-01 13:17 . 2011-09-01 13:17 -------- d-----w- C:\_OTL
2011-09-01 02:50 . 2011-09-01 02:50 110896 ----a-w- c:\windows\system32\drivers\76734252.sys
2011-09-01 02:38 . 2011-09-01 02:48 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-01 02:38 . 2011-09-01 02:38 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-09-01 02:37 . 2011-09-01 02:45 -------- d-----w- c:\programdata\Hitman Pro
2011-08-31 20:14 . 2011-08-31 20:14 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-31 20:14 . 2011-08-31 20:14 -------- d-----w- c:\program files\Java
2011-08-31 19:49 . 2011-08-31 20:07 -------- d-----w- c:\program files (x86)\FileHippo.com
2011-08-31 19:42 . 2010-01-10 23:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2011-08-31 19:42 . 2011-08-31 19:42 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-08-31 19:38 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-31 19:38 . 2011-08-31 19:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-31 18:11 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7F5C371-1D05-47E3-886D-D0DD8D7081AB}\mpengine.dll
2011-08-30 16:21 . 2011-08-30 16:21 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-08-29 17:59 . 2011-08-30 00:27 -------- d-----w- c:\users\Linda\AppData\Roaming\Skype
2011-08-29 17:59 . 2011-08-29 17:59 -------- d-----r- c:\program files (x86)\Skype
2011-08-29 17:59 . 2011-08-29 17:59 -------- d-----w- c:\programdata\Skype
2011-08-24 14:31 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 14:31 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 14:37 . 2011-08-30 15:36 -------- d-----w- c:\users\Linda\AppData\Local\ElevatedDiagnostics
2011-08-23 13:38 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-23 00:59 . 2011-08-23 01:50 -------- d-----w- C:\Music MP3
2011-08-11 22:31 . 2011-08-11 22:31 -------- d-----w- c:\windows\system32\SPReview
2011-08-11 22:31 . 2011-08-11 22:31 -------- d-----w- c:\windows\system32\EventProviders
2011-08-11 13:07 . 2011-07-13 14:49 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 13:06 . 2011-07-13 14:49 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A279D90F-F6BA-407A-8525-C3A7EB6C7898}\gapaengine.dll
2011-08-10 14:35 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-08-10 14:33 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 14:33 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 14:33 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 19:34 . 2010-10-20 12:40 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-08-31 15:00 . 2010-10-25 01:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-08-31 14:59 . 2010-10-18 14:10 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-08-31 14:58 . 2010-10-18 13:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-08-29 13:58 . 2010-10-16 13:31 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-08-29 13:47 . 2010-10-16 13:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-08-12 04:10 . 2010-11-16 19:03 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-11 22:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-11 22:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-16 04:26 . 2011-08-10 14:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-06 23:52 . 2011-07-07 22:29 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 03:07 . 2011-07-13 14:54 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-23 39408]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 00:58]
.
2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 00:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Roebuck&state=SC&site=GSP&textField1=34.8761&textField2=-81.9642&e=0
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: Interfaces\{4DD15D8A-DF70-47F2-BA5B-0C680BCBF063}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-01 14:17:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-01 18:17
.
Pre-Run: 444,547,190,784 bytes free
Post-Run: 444,417,523,712 bytes free
.
- - End Of File - - E4AD03C27F232AC42552DA546D423AC6

#10
lkaz
    Member
  • Topic Starter
  • 43 posts
Icons that give an error when double-clicked:

Verizon
SpyBlaster
Microsoft Essentials
MalwareBytes
Basically every icon on my desktop and in my taskbar.

After clicking OK for the error this window comes up:

Can't open this item.
It might have been moved, renamed, or deleted. do you want to remove item?


I clicked "No" - waiting for your direction...
#11
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Please restart your system and try to run programs again.

#12
lkaz
    Member
  • Topic Starter
  • 43 posts
Looks like all is well. This website takes a while to load - perhaps it is my internet connection - I use an air card.

What did the log files reveal? Was there an infection, and does it look clean now?
Should I delete ComboFix, OTL, and MBR?

What else can I do to prevent this infection?
I have a firewall turned on as part of Windows 7.
I use Microsoft Essentials for anti-viral.
I use SpyBlaster for spyware.
I have MalwareBytes - should I use that if I am using Microsoft Essentials?
I also have the trial version of Hitman Pro 3.5.

Overkill?

I cannot tell you how much I appreciate your help - I wish those people who create these nightmares would use their expertise in an honorable way like you guys on Geeks to Go!

Edited by lkaz, 01 September 2011 - 03:10 PM.


#13
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
First your questions...

Windows Firewall and Essentials are good and you can keep them. SpyBlaster and MalwareBytes are antimalware programs and you can keep them as long as ONLY ONE real-time protection is active.

You can remove Hitman Pro 3.5 because you have the trial version and you don't need it besides all these programs you have already installed.

Now please do this scan and post the log here for me because we are not done yet :)

Step 1

Please update your Malwarebytes and do a Quick Scan, then post the log here for me.

#14
lkaz
    Member
  • Topic Starter
  • 43 posts
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7633

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

9/1/2011 9:28:32 PM
mbam-log-2011-09-01 (21-28-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 296378
Time elapsed: 36 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi lkaz,

I wish those people who create these nightmares would use their expertise in an honorable way like you guys on Geeks to Go!


I agree with you. Some people enjoy hurting and some enjoy helping others. I'm glad I belong to the second group :)

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean your PC of the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended) - Automatically download recommended updates for my computer and install them" option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.