Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Suspected Rootkit.0Access [Solved]

Started by nubiwan , Mar 31 2012 07:28 AM

  • This topic is locked This topic is locked

#1
nubiwan
Posted 31 March 2012 - 07:28 AM

nubiwan

    Member

  • Member
  • PipPip
  • 14 posts
My laptop keeps playing short sound files that sound like parts of infomercials. MY IE is sluggish as well at times. They last perhaps a second and play intermittently all the time. The only thing I can relat this to was that Malware bytes issued a rootkit.0access message about 5 times before the 'infection' began. I responded to quarantine the file, and also ran MBAM. It found the file and made me reboot. i still have the soudfile playing, Most irritating if nothing else.

Here is my OTL log.

OTL logfile created on: 3/31/2012 9:20:24 AM - Run 6
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tonerama\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 79.42% Memory free
5.85 Gb Paging File | 5.27 Gb Available in Paging File | 90.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 583.51 Gb Total Space | 471.80 Gb Free Space | 80.85% Space Free | Partition Type: NTFS

Computer Name: TONERAMA-PC | User Name: Tonerama | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/22 08:50:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL - Copy.exe
PRC - [2010/11/20 09:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AdfuUd.dll -- (zpcollector)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\YCNTZNENZ.exe -- (YCNTZNENZ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\transbaseservice.dll -- (nwlnkspx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlluc48.dll -- (LwUsbHid)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\LQUMIP.exe -- (LQUMIP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716mgmt.dll -- (isdrv120)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvs.dll -- (Hardlock)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ulcdrhlp.dll -- (bwcsrv)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\BQPFU.exe -- (BQPFU)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\BPLGQPF.exe -- (BPLGQPF)
SRV - [2012/03/31 09:16:46 | 000,351,104 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\temp\KSJVHCZQULC.exe -- (KSJVHCZQULC)
SRV - [2012/03/29 12:38:36 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/17 03:00:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/12 15:29:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/17 20:26:22 | 000,189,808 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010/03/14 23:26:08 | 000,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/03 19:12:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 19:11:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/02/23 22:23:32 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010/02/05 22:11:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010/01/28 21:14:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/11/06 02:34:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/10/06 13:51:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/28 20:13:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 22:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 23:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 07:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 07:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/27 05:52:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/03/31 19:19:52 | 000,517,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/03/14 23:35:44 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010/03/14 22:30:44 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/02/22 22:33:32 | 000,066,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/02/10 19:31:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 10:06:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/02/01 14:59:46 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/17 17:24:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/30 22:15:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/14 19:58:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 19:43:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/07 13:23:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/22 21:34:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 00:01:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSCA
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...TSCA_en___CA449
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/30 15:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}: C:\Users\Tonerama\AppData\Local\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}\ [2012/03/29 12:26:14 | 000,000,000 | ---D | M]

[2012/01/30 15:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tonerama\AppData\Roaming\Mozilla\Extensions
[2012/01/30 15:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/29 12:26:14 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\TONERAMA\APPDATA\LOCAL\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}
[2011/12/21 04:54:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 02:00:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 02:00:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/03/29 22:37:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [ACFinder] C:\Users\Tonerama\AppData\Local\AppCore\ACFinder\ACFinder.exe (CDIS)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 142.163.63.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81BA2DF6-ECBB-4EBF-AF3A-121A03E043B5}: DhcpNameServer = 192.168.2.1 142.163.63.129
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 09:20:10 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL - Copy.exe
[2012/03/31 09:17:15 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/30 11:12:02 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Desktop\SecureFiles
[2012/03/30 10:53:06 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL.exe
[2012/03/30 10:48:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\TFC.exe
[2012/03/29 22:42:19 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/03/29 22:37:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/29 22:35:52 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\temp
[2012/03/29 22:23:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/03/29 22:23:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/03/29 22:23:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/03/29 22:23:41 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/03/29 22:23:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/29 22:22:48 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Tonerama\Desktop\RootkitRevealer.exe
[2012/03/29 12:38:36 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/03/29 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}
[2012/03/29 12:03:09 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\AppCore
[2012/03/25 18:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/25 18:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/22 08:10:44 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Documents\P90
[2012/03/16 21:24:16 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\ElevatedDiagnostics
[2012/03/16 19:59:56 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Documents\web pages
[2012/03/16 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Documents\REI Books
[2012/03/14 09:16:35 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/03/14 09:16:34 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/03/14 09:16:24 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2012/03/14 09:16:24 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2012/03/14 09:16:24 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2012/03/14 09:16:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe

========== Files - Modified Within 30 Days ==========

[2012/03/31 09:19:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/31 09:19:31 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/31 09:17:45 | 000,000,644 | ---- | M] () -- C:\windows\System32\secustat.dat
[2012/03/31 09:12:38 | 000,630,928 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/31 09:12:38 | 000,111,052 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/31 09:05:30 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 09:05:30 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 09:03:45 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 09:03:44 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/31 09:03:03 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 08:04:17 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At8.job
[2012/03/31 08:04:17 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At6.job
[2012/03/31 08:04:17 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At4.job
[2012/03/31 08:04:17 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At2.job
[2012/03/31 08:04:17 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At18.job
[2012/03/31 08:04:17 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At16.job
[2012/03/31 08:04:17 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At14.job
[2012/03/31 08:04:17 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At12.job
[2012/03/31 08:04:17 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At10.job
[2012/03/31 08:04:17 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At9.job
[2012/03/31 08:04:17 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At7.job
[2012/03/31 08:04:17 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At5.job
[2012/03/31 08:04:17 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At3.job
[2012/03/31 08:04:17 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At17.job
[2012/03/31 08:04:17 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At15.job
[2012/03/31 08:04:17 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At13.job
[2012/03/31 08:04:17 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At11.job
[2012/03/31 08:04:17 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At1.job
[2012/03/30 23:37:05 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At48.job
[2012/03/30 23:37:05 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At46.job
[2012/03/30 23:37:05 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At44.job
[2012/03/30 23:37:05 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At42.job
[2012/03/30 23:37:05 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At40.job
[2012/03/30 23:37:05 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At38.job
[2012/03/30 23:37:05 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At36.job
[2012/03/30 23:37:05 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At34.job
[2012/03/30 23:37:05 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At47.job
[2012/03/30 23:37:05 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At45.job
[2012/03/30 23:37:05 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At43.job
[2012/03/30 23:37:05 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At41.job
[2012/03/30 23:37:05 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At39.job
[2012/03/30 23:37:05 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At37.job
[2012/03/30 23:37:05 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At35.job
[2012/03/30 23:37:05 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At33.job
[2012/03/30 15:04:16 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At32.job
[2012/03/30 15:03:00 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At31.job
[2012/03/30 14:06:22 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At30.job
[2012/03/30 14:03:02 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At29.job
[2012/03/30 13:04:12 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At28.job
[2012/03/30 13:03:00 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At27.job
[2012/03/30 12:07:25 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At25.job
[2012/03/30 12:05:25 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At26.job
[2012/03/30 11:07:59 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At24.job
[2012/03/30 11:03:01 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At23.job
[2012/03/30 10:25:10 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At22.job
[2012/03/30 10:25:10 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At21.job
[2012/03/30 09:12:50 | 000,000,348 | ---- | M] () -- C:\windows\tasks\At20.job
[2012/03/30 09:08:38 | 000,000,346 | ---- | M] () -- C:\windows\tasks\At19.job
[2012/03/29 22:37:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/03/29 22:01:03 | 000,000,112 | ---- | M] () -- C:\ProgramData\GWV4LhQ.dat
[2012/03/29 21:47:00 | 000,099,328 | ---- | M] () -- C:\windows\System32\k5BF8M.com_
[2012/03/29 12:38:36 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/03/29 12:38:36 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/03/28 09:13:06 | 000,001,078 | ---- | M] () -- C:\Users\Tonerama\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/03/25 18:45:31 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/22 08:50:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL.exe
[2012/03/22 08:50:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL - Copy.exe
[2012/03/22 03:48:17 | 000,879,714 | ---- | M] () -- C:\Users\Tonerama\Desktop\SecurityCheck.exe
[2012/03/15 08:37:42 | 000,409,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/03/09 00:45:40 | 000,005,632 | ---- | M] () -- C:\Users\Tonerama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/03/31 09:03:45 | 000,000,886 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 09:03:44 | 000,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/30 10:53:20 | 000,879,714 | ---- | C] () -- C:\Users\Tonerama\Desktop\SecurityCheck.exe
[2012/03/29 22:23:46 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/03/29 22:23:46 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/03/29 22:23:46 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/03/29 22:23:46 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/03/29 22:23:46 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/03/29 21:46:34 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At48.job
[2012/03/29 21:46:34 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At46.job
[2012/03/29 21:46:34 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At44.job
[2012/03/29 21:46:34 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At42.job
[2012/03/29 21:46:34 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At40.job
[2012/03/29 21:46:34 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At47.job
[2012/03/29 21:46:34 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At45.job
[2012/03/29 21:46:34 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At43.job
[2012/03/29 21:46:34 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At41.job
[2012/03/29 21:46:34 | 000,000,112 | ---- | C] () -- C:\ProgramData\GWV4LhQ.dat
[2012/03/29 21:46:33 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At38.job
[2012/03/29 21:46:33 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At36.job
[2012/03/29 21:46:33 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At34.job
[2012/03/29 21:46:33 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At32.job
[2012/03/29 21:46:33 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At30.job
[2012/03/29 21:46:33 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At28.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At39.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At37.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At35.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At33.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At31.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At29.job
[2012/03/29 21:46:33 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At27.job
[2012/03/29 21:46:32 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At26.job
[2012/03/29 21:46:32 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At24.job
[2012/03/29 21:46:32 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At22.job
[2012/03/29 21:46:32 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At20.job
[2012/03/29 21:46:32 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At18.job
[2012/03/29 21:46:32 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At16.job
[2012/03/29 21:46:32 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At25.job
[2012/03/29 21:46:32 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At23.job
[2012/03/29 21:46:32 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At21.job
[2012/03/29 21:46:32 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At19.job
[2012/03/29 21:46:32 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At17.job
[2012/03/29 21:46:32 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At15.job
[2012/03/29 21:46:31 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At8.job
[2012/03/29 21:46:31 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At6.job
[2012/03/29 21:46:31 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At4.job
[2012/03/29 21:46:31 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At14.job
[2012/03/29 21:46:31 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At12.job
[2012/03/29 21:46:31 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At10.job
[2012/03/29 21:46:31 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At9.job
[2012/03/29 21:46:31 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At7.job
[2012/03/29 21:46:31 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At5.job
[2012/03/29 21:46:31 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At3.job
[2012/03/29 21:46:31 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At13.job
[2012/03/29 21:46:31 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At11.job
[2012/03/29 21:46:30 | 000,099,328 | ---- | C] () -- C:\windows\System32\k5BF8M.com_
[2012/03/29 21:46:30 | 000,000,348 | ---- | C] () -- C:\windows\tasks\At2.job
[2012/03/29 21:46:30 | 000,000,346 | ---- | C] () -- C:\windows\tasks\At1.job
[2012/03/29 12:38:37 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/02/07 23:36:01 | 000,005,632 | ---- | C] () -- C:\Users\Tonerama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 18:01:28 | 000,000,644 | ---- | C] () -- C:\windows\System32\secustat.dat
[2011/12/10 23:26:23 | 000,000,598 | ---- | C] () -- C:\windows\System32\secushr.dat
[2011/12/10 23:03:55 | 000,000,025 | ---- | C] () -- C:\windows\libem.INI
[2011/09/29 09:16:12 | 000,000,094 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/09/16 09:35:50 | 000,034,817 | ---- | C] () -- C:\windows\System32\icmrreg.dll
[2011/09/14 19:35:42 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/09/14 19:21:04 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe
[2010/07/06 23:32:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 31 March 2012 - 07:39 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I see you have run combofix, could you post that log please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    C:\windows\tasks\At*.job

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
nubiwan
Posted 31 March 2012 - 08:10 AM

nubiwan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here is the AVAST scan:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-31 11:27:06
-----------------------------
11:27:06.380 OS Version: Windows 6.1.7601 Service Pack 1
11:27:06.380 Number of processors: 2 586 0x2505
11:27:06.380 ComputerName: TONERAMA-PC UserName: Tonerama
11:27:25.958 Initialize success
11:28:11.703 AVAST engine defs: 12033100
11:28:17.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:28:17.662 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
11:28:17.678 Disk 0 MBR read successfully
11:28:17.678 Disk 0 MBR scan
11:28:17.693 Disk 0 Windows VISTA default MBR code
11:28:17.709 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:28:17.724 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 597514 MB offset 3074048
11:28:17.756 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11465 MB offset 1226782720
11:28:17.787 Disk 0 scanning sectors +1250263040
11:28:17.896 Disk 0 scanning C:\windows\system32\drivers
11:28:34.385 Service scanning
11:29:26.630 Modules scanning
11:30:01.496 Disk 0 trace - called modules:
11:30:01.511 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
11:30:01.511 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d42030]
11:30:01.527 3 CLASSPNP.SYS[8b59c59e] -> nt!IofCallDriver -> [0x8627d938]
11:30:01.527 5 ACPI.sys[8aea73d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86224028]
11:30:02.915 AVAST engine scan C:\windows
11:30:07.003 AVAST engine scan C:\windows\system32
11:30:52.477 File: C:\windows\system32\k5BF8M.com **INFECTED** Win32:Crypt-MEQ [Trj]
11:30:52.570 File: C:\windows\system32\k5BF8M.com_ **INFECTED** Win32:Crypt-MEQ [Trj]
11:33:03.002 AVAST engine scan C:\windows\system32\drivers
11:33:15.685 AVAST engine scan C:\Users\Tonerama
11:33:15.857 File: C:\Users\Tonerama\AppData\Local\AppCore\ACFinder\ACFinder.exe **INFECTED** Win32:Adware-gen [Adw]
11:36:02.512 AVAST engine scan C:\ProgramData
11:36:53.353 Scan finished successfully
11:37:26.050 Disk 0 MBR has been saved successfully to "C:\Users\Tonerama\Desktop\SecureFiles\MBR.dat"
11:37:26.050 The log file has been saved successfully to "C:\Users\Tonerama\Desktop\SecureFiles\aswMBR.txt"


Do you still need the combo fix scan. Where is the log kept? I recall it found a Rootkit problem, but obviouslt never fixed it.

TKS Nubi
  • 0

#4
Essexboy
Posted 31 March 2012 - 08:22 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It should be at C:\combofix.txt

aswMBR has highlighted two further files which I will remove now - then rerun OTL quickscan to see what remains - ensure that all users is selected please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :Files
    ipconfig /flushdns /c
    C:\windows\system32\k5BF8M.com
    C:\windows\system32\k5BF8M.com_
    C:\Users\Tonerama\AppData\Local\AppCore\ACFinder\ACFinder.exe

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
nubiwan
Posted 31 March 2012 - 08:47 AM

nubiwan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Cobo Fix log first:
ComboFix 12-03-29.02 - Tonerama 29/03/2012 22:29:27.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2998.2210 [GMT -2.5:30]
Running from: c:\downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tonerama\AppData\Local\Temp\dmamg.dll
c:\users\Tonerama\AppData\Local\Temp\kpstd.dll
c:\windows\$NtUninstallKB17760$
c:\windows\$NtUninstallKB17760$\1663182402\@
c:\windows\$NtUninstallKB17760$\1663182402\cfg.ini
c:\windows\$NtUninstallKB17760$\1663182402\Desktop.ini
c:\windows\$NtUninstallKB17760$\1663182402\L\xadqgnnk
c:\windows\$NtUninstallKB17760$\1663182402\oemid
c:\windows\$NtUninstallKB17760$\1663182402\U\00000001.@
c:\windows\$NtUninstallKB17760$\1663182402\U\00000002.@
c:\windows\$NtUninstallKB17760$\1663182402\U\00000004.@
c:\windows\$NtUninstallKB17760$\1663182402\U\80000000.@
c:\windows\$NtUninstallKB17760$\1663182402\U\80000004.@
c:\windows\$NtUninstallKB17760$\1663182402\U\80000032.@
c:\windows\$NtUninstallKB17760$\1663182402\version
c:\windows\$NtUninstallKB17760$\658382294
c:\windows\system32\cvsnt.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dlapoolm.dll
c:\windows\system32\Thumbs.db
.
Infected copy of c:\windows\system32\drivers\tdx.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 01:05 . 2012-03-30 01:07 -------- d-----w- c:\users\Tonerama\AppData\Local\temp
2012-03-30 01:05 . 2012-03-30 01:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-30 00:57 . 2010-11-20 08:39 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-03-30 00:33 . 2012-03-30 00:17 99328 ----a-w- c:\windows\system32\k5BF8M.com
2012-03-29 15:08 . 2012-03-29 15:08 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 14:56 . 2012-03-29 14:56 -------- d-----w- c:\users\Tonerama\AppData\Local\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}
2012-03-29 14:33 . 2012-03-29 14:33 -------- d-----w- c:\users\Tonerama\AppData\Local\AppCore
2012-03-25 21:15 . 2012-03-25 21:15 -------- d-----w- c:\program files\Common Files\Skype
2012-03-16 23:54 . 2012-03-16 23:54 -------- d-----w- c:\users\Tonerama\AppData\Local\ElevatedDiagnostics
2012-03-14 11:46 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:46 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:46 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:46 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:46 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 11:46 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:46 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:46 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 15:08 . 2011-10-20 20:48 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-21 07:24 . 2012-01-30 17:48 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACFinder"="c:\users\Tonerama\AppData\Local\AppCore\ACFinder\ACFinder.exe" [2012-03-29 47616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 167960]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-22 496184]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 742712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-20 163840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-03-17 1328480]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-24 611672]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-09 467816]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Tonerama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 5340160]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 152064]
R3 BPLGQPF;BPLGQPF;c:\users\Tonerama\AppData\Local\Temp\BPLGQPF.exe [x]
R3 BQPFU;BQPFU;c:\users\Tonerama\AppData\Local\Temp\BQPFU.exe [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LQUMIP;LQUMIP;c:\users\Tonerama\AppData\Local\Temp\LQUMIP.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 182304]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 685424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-17 1343400]
R3 YCNTZNENZ;YCNTZNENZ;c:\users\Tonerama\AppData\Local\Temp\YCNTZNENZ.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 172032]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 189808]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-02-23 66600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-27 1011232]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Hardlock
LwUsbHid
nwlnkspx
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
sddmi2
zpcollector
procmon10
isdrv120
bwcsrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:08]
.
2012-03-30 c:\windows\Tasks\At1.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At10.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At11.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At12.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At13.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At14.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At15.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At16.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At17.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At18.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At19.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At2.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At20.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At21.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At22.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At23.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At24.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At25.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At26.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At27.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At28.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At29.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At3.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At30.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At31.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At32.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At33.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At34.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At35.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At36.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At37.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At38.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At39.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At4.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At40.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At41.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At42.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At43.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At44.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At45.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At46.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At47.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At48.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At5.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At6.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At7.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At8.job
- c:\windows\system32\k5BF8M.com_ [2012-03-30 00:17]
.
2012-03-30 c:\windows\Tasks\At9.job
- c:\windows\system32\k5BF8M.com [2012-03-30 00:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
mStart Page = hxxp://www.toshiba.ca/welcome
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download all by FlashGet3 - c:\users\Tonerama\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Tonerama\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 142.163.63.129
FF - ProfilePath - c:\users\Tonerama\AppData\Roaming\Mozilla\Firefox\Profiles\bwsslsp2.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,9a,86,25,16,b9,39,4e,bc,5b,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,9a,86,25,16,b9,39,4e,bc,5b,c4,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\sppsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-03-29 22:42:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 01:12
.
Pre-Run: 507,131,551,744 bytes free
Post-Run: 507,334,287,360 bytes free
.
- - End Of File - - D5A017C6DC9F5900EF7CA997EB963D97
  • 0

#6
nubiwan
Posted 31 March 2012 - 08:54 AM

nubiwan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
MY OTL log after your fix:

OTL logfile created on: 3/31/2012 12:18:55 PM - Run 7
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tonerama\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 63.19% Memory free
5.85 Gb Paging File | 4.68 Gb Available in Paging File | 79.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 583.51 Gb Total Space | 471.59 Gb Free Space | 80.82% Space Free | Partition Type: NTFS

Computer Name: TONERAMA-PC | User Name: Tonerama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/30 23:38:14 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/03/22 08:50:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL - Copy.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/11/20 09:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 09:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/22 15:07:22 | 000,496,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2010/03/17 21:03:10 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2010/03/17 20:26:22 | 000,189,808 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2010/03/14 23:26:38 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/03/14 23:26:08 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/03/09 18:40:50 | 000,467,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2010/03/03 19:12:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 19:11:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/03 18:44:52 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2010/03/03 16:47:48 | 000,030,040 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2010/02/23 22:24:04 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2010/02/23 22:23:32 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2010/02/22 17:53:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/02/05 22:11:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2010/02/05 22:10:44 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2010/01/28 21:14:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/11/11 19:01:32 | 000,022,840 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
PRC - [2009/11/06 02:34:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/11/06 02:34:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/10/06 13:53:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/10/06 13:51:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/07/29 00:56:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 20:13:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 18:30:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/03/10 23:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/09/25 05:40:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\flashget.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 09:35:27 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll
MOD - [2012/02/16 09:34:38 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/16 09:34:30 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/16 09:34:09 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 09:34:02 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 09:34:01 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 10:29:46 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/14 17:17:23 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/03/03 18:44:58 | 000,016,184 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
MOD - [2010/03/03 18:44:56 | 000,016,184 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
MOD - [2010/03/03 18:44:32 | 008,783,160 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2010/02/05 22:10:28 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/11/03 17:56:26 | 000,058,680 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/25 15:37:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/06/22 20:08:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/03/12 23:38:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/06/15 04:05:38 | 000,626,688 | ---- | M] () -- C:\Program Files\FlashGet\FGBTCORE.dll
MOD - [2007/06/14 08:22:06 | 001,327,184 | ---- | M] () -- C:\Program Files\FlashGet\FGEMCORE.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AdfuUd.dll -- (zpcollector)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\YCNTZNENZ.exe -- (YCNTZNENZ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\transbaseservice.dll -- (nwlnkspx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlluc48.dll -- (LwUsbHid)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\LQUMIP.exe -- (LQUMIP)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\KSJVHCZQULC.exe -- (KSJVHCZQULC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716mgmt.dll -- (isdrv120)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvs.dll -- (Hardlock)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ulcdrhlp.dll -- (bwcsrv)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\BQPFU.exe -- (BQPFU)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\BPLGQPF.exe -- (BPLGQPF)
SRV - [2012/03/29 12:38:36 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/17 03:00:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/12 15:29:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/17 20:26:22 | 000,189,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010/03/14 23:26:08 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/03 19:12:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 19:11:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/02/23 22:23:32 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010/02/05 22:11:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010/01/28 21:14:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/11/06 02:34:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/10/06 13:51:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/28 20:13:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 22:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 23:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 07:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 07:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/27 05:52:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/03/31 19:19:52 | 000,517,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/03/14 23:35:44 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010/03/14 22:30:44 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/02/22 22:33:32 | 000,066,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/02/10 19:31:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 10:06:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/02/01 14:59:46 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/17 17:24:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/30 22:15:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/14 19:58:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 19:43:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/07 13:23:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/22 21:34:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 00:01:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSCA
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...TSCA_en___CA449
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/30 15:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}: C:\Users\Tonerama\AppData\Local\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}\ [2012/03/29 12:26:14 | 000,000,000 | ---D | M]

[2012/01/30 15:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tonerama\AppData\Roaming\Mozilla\Extensions
[2012/01/30 15:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/29 12:26:14 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\TONERAMA\APPDATA\LOCAL\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}
[2011/12/21 04:54:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 02:00:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 02:00:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/03/29 22:37:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [ACFinder] "C:\Users\Tonerama\AppData\Local\AppCore\ACFinder\ACFinder.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 142.163.63.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81BA2DF6-ECBB-4EBF-AF3A-121A03E043B5}: DhcpNameServer = 192.168.2.1 142.163.63.129
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 11:21:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/31 09:20:10 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL - Copy.exe
[2012/03/31 09:17:15 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/30 11:12:02 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Desktop\SecureFiles
[2012/03/30 10:53:06 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL.exe
[2012/03/30 10:48:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\TFC.exe
[2012/03/29 22:42:19 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/03/29 22:37:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/29 22:35:52 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\temp
[2012/03/29 22:23:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/03/29 22:23:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/03/29 22:23:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/03/29 22:23:41 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/03/29 22:23:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/29 22:22:48 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Tonerama\Desktop\RootkitRevealer.exe
[2012/03/29 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}
[2012/03/29 12:03:09 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\AppCore
[2012/03/25 18:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/25 18:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/22 08:10:44 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Documents\P90
[2012/03/16 21:24:16 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\ElevatedDiagnostics
[2012/03/16 19:59:56 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Documents\web pages
[2012/03/16 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Documents\REI Books

========== Files - Modified Within 30 Days ==========

[2012/03/31 12:19:09 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 12:19:09 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 12:17:31 | 000,631,364 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/31 12:17:31 | 000,111,456 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/31 12:15:09 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/31 12:14:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 12:13:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At48.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At47.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At46.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At45.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At44.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At43.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At42.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At41.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At40.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At39.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At38.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At37.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At36.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At35.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At34.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At33.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At32.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At31.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At30.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At29.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At28.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At27.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At9.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At8.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At7.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At6.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At5.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At4.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At3.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At24.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At23.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At22.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At21.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At20.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At2.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At19.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At18.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At17.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At16.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At15.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At14.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At13.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At12.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At11.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At10.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At1.job
[2012/03/31 12:11:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/31 12:11:57 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/31 12:08:05 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At25.job
[2012/03/31 12:03:38 | 000,000,342 | ---- | M] () -- C:\windows\tasks\At26.job
[2012/03/31 09:17:45 | 000,000,644 | ---- | M] () -- C:\windows\System32\secustat.dat
[2012/03/29 22:37:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/03/29 22:01:03 | 000,000,112 | ---- | M] () -- C:\ProgramData\GWV4LhQ.dat
[2012/03/29 21:47:00 | 000,099,328 | ---- | M] () -- C:\ProgramData\d14ad6co.exe
[2012/03/28 09:13:06 | 000,001,078 | ---- | M] () -- C:\Users\Tonerama\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/03/25 18:45:31 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/22 08:50:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL.exe
[2012/03/22 08:50:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL - Copy.exe
[2012/03/22 03:48:17 | 000,879,714 | ---- | M] () -- C:\Users\Tonerama\Desktop\SecurityCheck.exe
[2012/03/15 08:37:42 | 000,409,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/03/09 00:45:40 | 000,005,632 | ---- | M] () -- C:\Users\Tonerama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At48.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At47.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At46.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At45.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At44.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At43.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At42.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At41.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At40.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At39.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At38.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At37.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At36.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At35.job
[2012/03/31 12:03:04 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At34.job
[2012/03/31 12:03:03 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At33.job
[2012/03/31 12:03:03 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At32.job
[2012/03/31 12:03:03 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At31.job
[2012/03/31 12:03:03 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At30.job
[2012/03/31 12:03:03 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At29.job
[2012/03/31 12:03:03 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At28.job
[2012/03/31 12:03:03 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At27.job
[2012/03/31 12:03:03 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At26.job
[2012/03/31 12:03:03 | 000,000,342 | ---- | C] () -- C:\windows\tasks\At25.job
[2012/03/31 12:03:03 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At24.job
[2012/03/31 12:03:03 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At23.job
[2012/03/31 12:03:03 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At22.job
[2012/03/31 12:03:03 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At21.job
[2012/03/31 12:03:03 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At20.job
[2012/03/31 12:03:03 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At19.job
[2012/03/31 12:03:03 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At18.job
[2012/03/31 12:03:03 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At17.job
[2012/03/31 12:03:03 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At16.job
[2012/03/31 12:03:03 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At15.job
[2012/03/31 12:03:02 | 000,099,328 | ---- | C] () -- C:\ProgramData\d14ad6co.exe
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At9.job
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At8.job
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At7.job
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At6.job
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At5.job
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At4.job
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At3.job
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At2.job
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At14.job
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At13.job
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At12.job
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At11.job
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At10.job
[2012/03/31 12:03:02 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At1.job
[2012/03/31 09:03:45 | 000,000,886 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 09:03:44 | 000,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/30 10:53:20 | 000,879,714 | ---- | C] () -- C:\Users\Tonerama\Desktop\SecurityCheck.exe
[2012/03/29 22:23:46 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/03/29 22:23:46 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/03/29 22:23:46 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/03/29 22:23:46 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/03/29 22:23:46 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/03/29 21:46:34 | 000,000,112 | ---- | C] () -- C:\ProgramData\GWV4LhQ.dat
[2012/03/29 12:38:37 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/02/07 23:36:01 | 000,005,632 | ---- | C] () -- C:\Users\Tonerama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 18:01:28 | 000,000,644 | ---- | C] () -- C:\windows\System32\secustat.dat
[2011/12/10 23:26:23 | 000,000,598 | ---- | C] () -- C:\windows\System32\secushr.dat
[2011/12/10 23:03:55 | 000,000,025 | ---- | C] () -- C:\windows\libem.INI
[2011/09/29 09:16:12 | 000,000,094 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/09/16 09:35:50 | 000,034,817 | ---- | C] () -- C:\windows\System32\icmrreg.dll
[2011/09/14 19:35:42 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/09/14 19:21:04 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe
[2010/07/06 23:32:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

========== LOP Check ==========

[2011/09/29 09:16:12 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\AuctionSentry
[2012/01/17 23:55:34 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\BAxBEx
[2012/03/31 09:17:46 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\BITS
[2011/12/10 23:03:28 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\FlashGet
[2011/12/10 23:03:25 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\FlashGetBHO
[2011/10/18 15:52:23 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Toshiba
[2011/10/08 11:13:23 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\WildTangent
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At1.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At10.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At11.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At12.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At13.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At14.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At15.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At16.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At17.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At18.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At19.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At2.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At20.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At21.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At22.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At23.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At24.job
[2012/03/31 12:08:05 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At25.job
[2012/03/31 12:03:38 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At26.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At27.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At28.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At29.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At3.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At30.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At31.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At32.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At33.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At34.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At35.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At36.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At37.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At38.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At39.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At4.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At40.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At41.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At42.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At43.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At44.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At45.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At46.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At47.job
[2012/03/31 12:12:01 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\At48.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At5.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At6.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At7.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At8.job
[2012/03/31 12:12:01 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At9.job
[2009/07/14 02:23:46 | 000,020,012 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#7
nubiwan
Posted 31 March 2012 - 08:56 AM

nubiwan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
appears combofix tried delteing the same AT files you did. Was still hearing these soundbytes before the last fix you gave me. Does it look clean now? What exatly was it?
  • 0

#8
Essexboy
Posted 31 March 2012 - 09:04 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this can you let me know what problems remain, also could you post the log that pops up on reboot from OTL

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AdfuUd.dll -- (zpcollector)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\YCNTZNENZ.exe -- (YCNTZNENZ)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\transbaseservice.dll -- (nwlnkspx)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlluc48.dll -- (LwUsbHid)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\LQUMIP.exe -- (LQUMIP)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\KSJVHCZQULC.exe -- (KSJVHCZQULC)
    O4 - HKCU..\Run: [ACFinder] "C:\Users\Tonerama\AppData\Local\AppCore\ACFinder\ACFinder.exe" File not found
    [2012/03/29 22:01:03 | 000,000,112 | ---- | M] () -- C:\ProgramData\GWV4LhQ.dat
    [2012/03/29 21:47:00 | 000,099,328 | ---- | M] () -- C:\ProgramData\d14ad6co.exe

    :Files
    ipconfig /flushdns /c
    C:\windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#9
nubiwan
Posted 31 March 2012 - 09:12 AM

nubiwan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Got this log on reboot:
All processes killed
========== OTL ==========
Service zpcollector stopped successfully!
Service zpcollector deleted successfully!
File %systemroot%\system32\AdfuUd.dll not found.
Service YCNTZNENZ stopped successfully!
Service YCNTZNENZ deleted successfully!
File C:\Users\Tonerama\AppData\Local\Temp\YCNTZNENZ.exe not found.
Service nwlnkspx stopped successfully!
Service nwlnkspx deleted successfully!
File %systemroot%\system32\transbaseservice.dll not found.
Service LwUsbHid stopped successfully!
Service LwUsbHid deleted successfully!
File %systemroot%\system32\wlluc48.dll not found.
Service LQUMIP stopped successfully!
Service LQUMIP deleted successfully!
File C:\Users\Tonerama\AppData\Local\Temp\LQUMIP.exe not found.
Service KSJVHCZQULC stopped successfully!
Service KSJVHCZQULC deleted successfully!
File C:\Users\Tonerama\AppData\Local\Temp\KSJVHCZQULC.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ACFinder deleted successfully.
C:\ProgramData\GWV4LhQ.dat moved successfully.
C:\ProgramData\d14ad6co.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tonerama\Desktop\cmd.bat deleted successfully.
C:\Users\Tonerama\Desktop\cmd.txt deleted successfully.
C:\windows\tasks\At1.job moved successfully.
C:\windows\tasks\At10.job moved successfully.
C:\windows\tasks\At11.job moved successfully.
C:\windows\tasks\At12.job moved successfully.
C:\windows\tasks\At13.job moved successfully.
C:\windows\tasks\At14.job moved successfully.
C:\windows\tasks\At15.job moved successfully.
C:\windows\tasks\At16.job moved successfully.
C:\windows\tasks\At17.job moved successfully.
C:\windows\tasks\At18.job moved successfully.
C:\windows\tasks\At19.job moved successfully.
C:\windows\tasks\At2.job moved successfully.
C:\windows\tasks\At20.job moved successfully.
C:\windows\tasks\At21.job moved successfully.
C:\windows\tasks\At22.job moved successfully.
C:\windows\tasks\At23.job moved successfully.
C:\windows\tasks\At24.job moved successfully.
C:\windows\tasks\At25.job moved successfully.
C:\windows\tasks\At26.job moved successfully.
C:\windows\tasks\At27.job moved successfully.
C:\windows\tasks\At28.job moved successfully.
C:\windows\tasks\At29.job moved successfully.
C:\windows\tasks\At3.job moved successfully.
C:\windows\tasks\At30.job moved successfully.
C:\windows\tasks\At31.job moved successfully.
C:\windows\tasks\At32.job moved successfully.
C:\windows\tasks\At33.job moved successfully.
C:\windows\tasks\At34.job moved successfully.
C:\windows\tasks\At35.job moved successfully.
C:\windows\tasks\At36.job moved successfully.
C:\windows\tasks\At37.job moved successfully.
C:\windows\tasks\At38.job moved successfully.
C:\windows\tasks\At39.job moved successfully.
C:\windows\tasks\At4.job moved successfully.
C:\windows\tasks\At40.job moved successfully.
C:\windows\tasks\At41.job moved successfully.
C:\windows\tasks\At42.job moved successfully.
C:\windows\tasks\At43.job moved successfully.
C:\windows\tasks\At44.job moved successfully.
C:\windows\tasks\At45.job moved successfully.
C:\windows\tasks\At46.job moved successfully.
C:\windows\tasks\At47.job moved successfully.
C:\windows\tasks\At48.job moved successfully.
C:\windows\tasks\At5.job moved successfully.
C:\windows\tasks\At6.job moved successfully.
C:\windows\tasks\At7.job moved successfully.
C:\windows\tasks\At8.job moved successfully.
C:\windows\tasks\At9.job moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tonerama
->Temp folder emptied: 163619 bytes
->Temporary Internet Files folder emptied: 7910878 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 399542 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb



OTL by OldTimer - Version 3.2.39.2 log created on 03312012_123736

Files\Folders moved on Reboot...
C:\Users\Tonerama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4Y6H3J5\eBayISAPI[1].html moved successfully.
C:\Users\Tonerama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ1UPCJ2\eBayISAPI[1].html moved successfully.
C:\Users\Tonerama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ1UPCJ2\RTM_825;cat=11450;sz=414x114;tile=2;ord=1333206150[1].htm moved successfully.
File move failed. C:\Users\Tonerama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B69WC4E4\copt=ist;tile=1;um=0;us=13;eb_trk=172857;pr=20;xp=20;np=20;uz=Unknown;fbi=;sbi=;fbo=;sbo=;fse=;sse=;fvi=11450;svi=15724;cg=632218771360a47a44557505ff101cd8[1].txt scheduled to be moved on reboot.
C:\Users\Tonerama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35ZPO7TA\230767131169[1].txt moved successfully.
C:\Users\Tonerama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35ZPO7TA\fastbutton[1].htm moved successfully.
C:\Users\Tonerama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35ZPO7TA\page__gopid__2139861[1].txt moved successfully.
C:\Users\Tonerama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35ZPO7TA\ViewItemDescV4[1].txt moved successfully.
C:\Users\Tonerama\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
  • 0

#10
Essexboy
Posted 31 March 2012 - 09:16 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now run a fresh OTL scan to ensure that the jobs have gone. Plus what are your current problems ?
  • 0

Advertisements

#11
nubiwan
Posted 31 March 2012 - 09:17 AM

nubiwan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
ant the OTL log now:

OTL logfile created on: 3/31/2012 12:42:17 PM - Run 8
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tonerama\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 65.55% Memory free
5.85 Gb Paging File | 4.76 Gb Available in Paging File | 81.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 583.51 Gb Total Space | 471.58 Gb Free Space | 80.82% Space Free | Partition Type: NTFS

Computer Name: TONERAMA-PC | User Name: Tonerama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/30 23:38:14 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/03/22 08:50:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL - Copy.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/11/20 09:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 09:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/22 15:07:22 | 000,496,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2010/03/17 21:03:10 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2010/03/17 20:26:22 | 000,189,808 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2010/03/14 23:26:38 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/03/14 23:26:08 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/03/09 18:40:50 | 000,467,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2010/03/03 19:12:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 19:11:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/03 18:44:52 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2010/03/03 16:47:48 | 000,030,040 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2010/02/23 22:24:04 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2010/02/23 22:23:32 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2010/02/22 17:53:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/02/05 22:11:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2010/02/05 22:10:44 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2010/01/28 21:14:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/11/11 19:01:32 | 000,022,840 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
PRC - [2009/11/06 02:34:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/11/06 02:34:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/10/06 13:53:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/10/06 13:51:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/07/29 00:56:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 20:13:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 18:30:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/03/10 23:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/09/25 05:40:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\flashget.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 09:35:27 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll
MOD - [2012/02/16 09:34:38 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/16 09:34:30 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/16 09:34:09 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 09:34:02 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 09:34:01 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 10:29:46 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/14 17:17:23 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/03/03 18:44:58 | 000,016,184 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
MOD - [2010/03/03 18:44:56 | 000,016,184 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
MOD - [2010/03/03 18:44:32 | 008,783,160 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2010/02/05 22:10:28 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/11/03 17:56:26 | 000,058,680 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/25 15:37:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/06/22 20:08:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/03/12 23:38:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/06/15 04:05:38 | 000,626,688 | ---- | M] () -- C:\Program Files\FlashGet\FGBTCORE.dll
MOD - [2007/06/14 08:22:06 | 001,327,184 | ---- | M] () -- C:\Program Files\FlashGet\FGEMCORE.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716mgmt.dll -- (isdrv120)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvs.dll -- (Hardlock)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ulcdrhlp.dll -- (bwcsrv)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\BQPFU.exe -- (BQPFU)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\BPLGQPF.exe -- (BPLGQPF)
SRV - [2012/03/29 12:38:36 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/17 03:00:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/12 15:29:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/17 20:26:22 | 000,189,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010/03/14 23:26:08 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/03 19:12:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 19:11:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/02/23 22:23:32 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010/02/05 22:11:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010/01/28 21:14:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/11/06 02:34:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/10/06 13:51:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/28 20:13:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 22:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 23:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 07:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 07:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/27 05:52:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/03/31 19:19:52 | 000,517,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/03/14 23:35:44 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010/03/14 22:30:44 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/02/22 22:33:32 | 000,066,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/02/10 19:31:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 10:06:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/02/01 14:59:46 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/17 17:24:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/30 22:15:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/14 19:58:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 19:43:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/07 13:23:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/22 21:34:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 00:01:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSCA
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...TSCA_en___CA449
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/30 15:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}: C:\Users\Tonerama\AppData\Local\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}\ [2012/03/29 12:26:14 | 000,000,000 | ---D | M]

[2012/01/30 15:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tonerama\AppData\Roaming\Mozilla\Extensions
[2012/01/30 15:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/29 12:26:14 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\TONERAMA\APPDATA\LOCAL\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}
[2011/12/21 04:54:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 02:00:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 02:00:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/03/31 12:37:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 142.163.63.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81BA2DF6-ECBB-4EBF-AF3A-121A03E043B5}: DhcpNameServer = 192.168.2.1 142.163.63.129
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 11:21:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/31 09:20:10 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL - Copy.exe
[2012/03/31 09:17:15 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/30 11:12:02 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Desktop\SecureFiles
[2012/03/30 10:53:06 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL.exe
[2012/03/30 10:48:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\TFC.exe
[2012/03/29 22:42:19 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/03/29 22:37:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/29 22:35:52 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\temp
[2012/03/29 22:23:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/03/29 22:23:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/03/29 22:23:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/03/29 22:23:41 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/03/29 22:23:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/29 22:22:48 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Tonerama\Desktop\RootkitRevealer.exe
[2012/03/29 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}
[2012/03/29 12:03:09 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\AppCore
[2012/03/25 18:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/25 18:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/22 08:10:44 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Documents\P90
[2012/03/16 21:24:16 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\ElevatedDiagnostics
[2012/03/16 19:59:56 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Documents\web pages
[2012/03/16 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\Documents\REI Books

========== Files - Modified Within 30 Days ==========

[2012/03/31 12:39:20 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/31 12:38:55 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 12:38:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/31 12:38:50 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/31 12:37:38 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012/03/31 12:19:09 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 12:19:09 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 12:17:31 | 000,631,364 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/31 12:17:31 | 000,111,456 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/31 12:13:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 09:17:45 | 000,000,644 | ---- | M] () -- C:\windows\System32\secustat.dat
[2012/03/28 09:13:06 | 000,001,078 | ---- | M] () -- C:\Users\Tonerama\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/03/25 18:45:31 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/22 08:50:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL.exe
[2012/03/22 08:50:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL - Copy.exe
[2012/03/22 03:48:17 | 000,879,714 | ---- | M] () -- C:\Users\Tonerama\Desktop\SecurityCheck.exe
[2012/03/15 08:37:42 | 000,409,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/03/09 00:45:40 | 000,005,632 | ---- | M] () -- C:\Users\Tonerama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/03/31 09:03:45 | 000,000,886 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 09:03:44 | 000,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/30 10:53:20 | 000,879,714 | ---- | C] () -- C:\Users\Tonerama\Desktop\SecurityCheck.exe
[2012/03/29 22:23:46 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/03/29 22:23:46 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/03/29 22:23:46 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/03/29 22:23:46 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/03/29 22:23:46 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/03/29 12:38:37 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/02/07 23:36:01 | 000,005,632 | ---- | C] () -- C:\Users\Tonerama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 18:01:28 | 000,000,644 | ---- | C] () -- C:\windows\System32\secustat.dat
[2011/12/10 23:26:23 | 000,000,598 | ---- | C] () -- C:\windows\System32\secushr.dat
[2011/12/10 23:03:55 | 000,000,025 | ---- | C] () -- C:\windows\libem.INI
[2011/09/29 09:16:12 | 000,000,094 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/09/16 09:35:50 | 000,034,817 | ---- | C] () -- C:\windows\System32\icmrreg.dll
[2011/09/14 19:35:42 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/09/14 19:21:04 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe
[2010/07/06 23:32:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

========== LOP Check ==========

[2011/09/29 09:16:12 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\AuctionSentry
[2012/01/17 23:55:34 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\BAxBEx
[2012/03/31 09:17:46 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\BITS
[2011/12/10 23:03:28 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\FlashGet
[2011/12/10 23:03:25 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\FlashGetBHO
[2011/10/18 15:52:23 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Toshiba
[2011/10/08 11:13:23 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\WildTangent
[2009/07/14 02:23:46 | 000,020,266 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



DUDE -my first time in this site. This is fantastic service - is the Paypal option for you, or for the web site? What is the typical fix value? I am not hearing any sound file playing now, but sometimes they don't start for 5-10 minutes. What did I have?

Edited by nubiwan, 31 March 2012 - 09:18 AM.

  • 0

#12
Essexboy
Posted 31 March 2012 - 09:41 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The original infection appeared to be a TDL3 rootkit which Combofix cleared
The ones I removed were basically a generic "lets annoy someone" type thing with possible redirects to a pay by click ad site to get someone a few (thousand) pennies

I would like to run a quick check now for orphans - it will only take a few minutes and confirm my thoughts that you now appear clean

'Tis my personal paypal link... And the choice is as always yours :)


Update Malwarebytes.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#13
nubiwan
Posted 31 March 2012 - 11:09 AM

nubiwan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
mbma log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.31.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Tonerama :: TONERAMA-PC [administrator]

Protection: Enabled

31/03/2012 2:33:59 PM
mbam-log-2012-03-31 (14-33-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187541
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#14
Essexboy
Posted 31 March 2012 - 11:11 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Pretty - any outstanding problems at all ?

Windows updates working ?
  • 0

#15
nubiwan
Posted 31 March 2012 - 12:59 PM

nubiwan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
looks good - sent you a a tenner on paypal. Buy yoyrself a pint on me, or two. Not sure what your norm is. Feel free to let me know. I am probabyl good for a few pints a year they way I surf around :) Cheers from Ex-pat in Canada
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP