
Virus can't use computer at all. [Solved]


#31
Bobcat Bob

Icons have returned

#32
Bobcat Bob

========== PROCESSES ==========
All processes killed
========== OTL ==========
========== FILES ==========
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\x64 scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\temp scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\skin\sounds scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\skin\loc\ru\images scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\skin\loc\ru scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\skin\loc\fr scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\skin\loc\en\images scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\skin\loc\en scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\skin\loc\de scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\skin\loc scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\skin\layout scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\skin\images\tasks scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\skin\images\radar scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\skin\images scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\skin scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report\0C scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report\0B scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report\0A scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report\09 scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report\08 scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report\07 scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report\06 scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report\05 scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report\04 scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report\03 scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report\02 scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report\01 scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report\00 scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Report scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\QB scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Doc\ru scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Doc\fr scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Doc\en scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Doc\de scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\Doc scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\bases\Stat scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529\bases scheduled to be moved on reboot.
Folder move failed. c:\users\Book Worm\AppData\Local\Temp\8243529 scheduled to be moved on reboot.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.54.0 log created on 07182012_044524

#33
Bobcat Bob

OTL logfile created on: 7/18/2012 5:05:19 AM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Book Worm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.56% Memory free
7.93 Gb Paging File | 6.93 Gb Available in Paging File | 87.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.35 Gb Total Space | 190.61 Gb Free Space | 66.57% Space Free | Partition Type: NTFS
Drive D: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOOKWORM-PC | User Name: Book Worm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/16 20:36:09 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/07/16 20:28:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Book Worm\Desktop\OTL.exe
PRC - [2009/04/16 20:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/30 18:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/06 19:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/24 13:40:26 | 000,242,176 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/03/17 13:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 20:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 16:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/08/22 12:26:52 | 000,535,608 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/07/16 20:36:12 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/16 20:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/03/30 18:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 19:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/03 18:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/17 18:56:21 | 000,556,632 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\3262941drv.sys -- (3262941drv)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/18 13:59:44 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 13:48:00 | 000,573,440 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xpn64) Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/03 04:39:42 | 000,234,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/03/25 19:23:26 | 000,035,392 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/03/19 15:52:02 | 000,016,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PMCF.sys -- (PMCF)
DRV:64bit: - [2009/03/18 13:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/02/12 17:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/02/11 19:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/14 15:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 16:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 12:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2007/04/23 15:15:48 | 000,031,016 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RtlProt.sys -- (RtlProt)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D9FF2B7C-515B-4143-A51E-EFF739B0B122}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{D9FF2B7C-515B-4143-A51E-EFF739B0B122}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.co...age={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{11D7C32B-22AB-0D04-AB2E-9B7673A21173}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7TSHB_enUS337
IE - HKCU\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components [2011/09/20 15:33:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins [2011/09/20 15:33:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/20 15:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/20 15:34:23 | 000,000,000 | ---D | M]

[2011/09/20 15:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Book Worm\AppData\Roaming\Mozilla\Extensions
[2010/07/29 14:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Book Worm\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/09/20 15:33:48 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/09/20 15:33:48 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/09/20 15:33:48 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/07/18 02:39:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" File not found
O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
O4 - HKCU..\Run: [Google] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ccsjzu.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Book Worm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_38772662.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29E1443A-312E-43AA-8A69-EA08E720E14C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5458E34-ABD2-4FD2-B65C-EB976008761B}: DhcpNameServer = 168.94.0.15 168.94.0.14
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O30:64bit: - LSA: Security Packages - (s) - File not found
O30 - LSA: Security Packages - (s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/12 04:38:58 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 04:29:29 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Book Worm\Desktop\unhide.exe
[2012/07/18 03:09:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/18 02:39:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/17 11:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/17 11:53:12 | 000,556,632 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\3262941drv.sys
[2012/07/17 04:35:23 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Book Worm\Desktop\aswMBR.exe
[2012/07/17 04:26:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/17 04:22:17 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Book Worm\Desktop\tdsskiller.exe
[2012/07/17 03:23:54 | 004,579,127 | R--- | C] (Swearware) -- C:\Users\Book Worm\Desktop\ComboFix.exe
[2012/07/17 03:16:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/16 20:36:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/07/16 20:28:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Book Worm\Desktop\OTL.exe
[2012/07/16 19:52:05 | 000,000,000 | ---D | C] -- C:\Users\Book Worm\AppData\Local\ElevatedDiagnostics
[2012/07/08 22:27:32 | 000,000,000 | ---D | C] -- C:\found.002
[2012/07/07 09:14:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

========== Files - Modified Within 30 Days ==========

[2012/07/18 05:02:54 | 000,011,104 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 05:02:54 | 000,011,104 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 04:55:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/18 04:55:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/18 04:55:24 | 3192,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/18 04:37:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 04:29:32 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Book Worm\Desktop\unhide.exe
[2012/07/18 02:39:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/18 02:14:42 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/07/17 18:56:21 | 000,556,632 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\3262941drv.sys
[2012/07/17 11:53:35 | 000,001,021 | ---- | M] () -- C:\Users\Book Worm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_38772662.lnk
[2012/07/17 11:48:25 | 000,002,316 | ---- | M] () -- C:\Users\Book Worm\Desktop\AVPTool.htm
[2012/07/17 04:40:27 | 000,000,512 | ---- | M] () -- C:\Users\Book Worm\Desktop\MBR.dat
[2012/07/17 04:39:27 | 000,000,512 | ---- | M] () -- C:\Users\Book Worm\Documents\MBR.dat
[2012/07/17 04:35:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Book Worm\Desktop\aswMBR.exe
[2012/07/17 04:22:41 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Book Worm\Desktop\tdsskiller.exe
[2012/07/17 04:04:42 | 398,249,076 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/17 03:23:58 | 004,579,127 | R--- | M] (Swearware) -- C:\Users\Book Worm\Desktop\ComboFix.exe
[2012/07/16 20:36:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/16 20:28:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Book Worm\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2012/07/18 02:14:42 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/07/17 11:53:35 | 000,001,021 | ---- | C] () -- C:\Users\Book Worm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_38772662.lnk
[2012/07/17 11:47:21 | 000,002,316 | ---- | C] () -- C:\Users\Book Worm\Desktop\AVPTool.htm
[2012/07/17 04:40:27 | 000,000,512 | ---- | C] () -- C:\Users\Book Worm\Desktop\MBR.dat
[2012/07/17 04:39:27 | 000,000,512 | ---- | C] () -- C:\Users\Book Worm\Documents\MBR.dat
[2012/07/16 20:36:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/09/03 08:03:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/03 08:03:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/03 08:03:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/03 08:03:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/03 08:03:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/08 10:23:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/25 17:02:55 | 000,000,000 | ---- | C] () -- C:\Users\Book Worm\jagex__preferences3.dat
[2010/08/25 17:02:47 | 000,000,099 | ---- | C] () -- C:\Users\Book Worm\jagex_runescape_preferences2.dat
[2010/08/25 17:01:26 | 000,000,046 | ---- | C] () -- C:\Users\Book Worm\jagex_runescape_preferences.dat

========== LOP Check ==========

[2011/09/20 15:50:22 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\eMusic
[2011/09/20 15:50:24 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\Merscom
[2011/09/20 15:50:30 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\PowerCinema
[2011/09/20 15:50:32 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\toshiba
[2011/09/20 15:50:32 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\WildTangent
[2011/09/20 15:50:32 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\WinBatch
[2011/09/20 15:50:32 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\Xilisoft
[2012/07/18 04:01:59 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< End of report >

#34
maliprog
    Trusted Helper

  • Malware Removal
  • 6,172 posts
You didn't do the OTL scan as described in my step. Please read it again. You must press the button named None and paste some content in the OTL textbox before you press the Quick Scan button.

#35
Bobcat Bob
    Member

  • Topic Starter
  • Member
  • 111 posts
Sorry, I could have sworn I did. Here is the new attempt.


OTL logfile created on: 7/18/2012 11:47:13 AM - Run 4
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Book Worm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 76.58% Memory free
7.93 Gb Paging File | 6.94 Gb Available in Paging File | 87.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.35 Gb Total Space | 190.60 Gb Free Space | 66.56% Space Free | Partition Type: NTFS
Drive D: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOOKWORM-PC | User Name: Book Worm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/16 20:36:09 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/07/16 20:28:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Book Worm\Desktop\OTL.exe
PRC - [2009/04/16 20:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/30 18:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/06 19:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/24 13:40:26 | 000,242,176 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/03/17 13:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 20:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 16:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/08/22 12:26:52 | 000,535,608 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/07/16 20:36:12 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/16 20:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/03/30 18:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 19:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/03 18:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/17 18:56:21 | 000,556,632 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\3262941drv.sys -- (3262941drv)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/18 13:59:44 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 13:48:00 | 000,573,440 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xpn64) Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/03 04:39:42 | 000,234,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/03/25 19:23:26 | 000,035,392 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/03/19 15:52:02 | 000,016,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PMCF.sys -- (PMCF)
DRV:64bit: - [2009/03/18 13:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/02/12 17:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/02/11 19:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/14 15:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 16:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 12:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2007/04/23 15:15:48 | 000,031,016 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RtlProt.sys -- (RtlProt)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D9FF2B7C-515B-4143-A51E-EFF739B0B122}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{D9FF2B7C-515B-4143-A51E-EFF739B0B122}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.co...age={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{11D7C32B-22AB-0D04-AB2E-9B7673A21173}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7TSHB_enUS337
IE - HKCU\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components [2011/09/20 15:33:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins [2011/09/20 15:33:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/20 15:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/20 15:34:23 | 000,000,000 | ---D | M]

[2011/09/20 15:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Book Worm\AppData\Roaming\Mozilla\Extensions
[2010/07/29 14:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Book Worm\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/09/20 15:33:48 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/09/20 15:33:48 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/09/20 15:33:48 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/07/18 02:39:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" File not found
O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
O4 - HKCU..\Run: [Google] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ccsjzu.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Book Worm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_38772662.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29E1443A-312E-43AA-8A69-EA08E720E14C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5458E34-ABD2-4FD2-B65C-EB976008761B}: DhcpNameServer = 168.94.0.15 168.94.0.14
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O30:64bit: - LSA: Security Packages - (s) - File not found
O30 - LSA: Security Packages - (s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/12 04:38:58 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 04:29:29 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Book Worm\Desktop\unhide.exe
[2012/07/18 03:09:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/18 02:39:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/17 11:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/17 11:53:12 | 000,556,632 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\3262941drv.sys
[2012/07/17 04:35:23 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Book Worm\Desktop\aswMBR.exe
[2012/07/17 04:26:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/17 04:22:17 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Book Worm\Desktop\tdsskiller.exe
[2012/07/17 03:23:54 | 004,579,127 | R--- | C] (Swearware) -- C:\Users\Book Worm\Desktop\ComboFix.exe
[2012/07/17 03:16:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/16 20:36:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/07/16 20:28:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Book Worm\Desktop\OTL.exe
[2012/07/16 19:52:05 | 000,000,000 | ---D | C] -- C:\Users\Book Worm\AppData\Local\ElevatedDiagnostics
[2012/07/08 22:27:32 | 000,000,000 | ---D | C] -- C:\found.002
[2012/07/07 09:14:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

========== Files - Modified Within 30 Days ==========

[2012/07/18 11:49:44 | 000,011,104 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 11:49:44 | 000,011,104 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 11:42:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/18 11:42:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/18 11:42:08 | 3192,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/18 04:37:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 04:29:32 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Book Worm\Desktop\unhide.exe
[2012/07/18 02:39:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/18 02:14:42 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/07/17 18:56:21 | 000,556,632 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\3262941drv.sys
[2012/07/17 11:53:35 | 000,001,021 | ---- | M] () -- C:\Users\Book Worm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_38772662.lnk
[2012/07/17 11:48:25 | 000,002,316 | ---- | M] () -- C:\Users\Book Worm\Desktop\AVPTool.htm
[2012/07/17 04:40:27 | 000,000,512 | ---- | M] () -- C:\Users\Book Worm\Desktop\MBR.dat
[2012/07/17 04:39:27 | 000,000,512 | ---- | M] () -- C:\Users\Book Worm\Documents\MBR.dat
[2012/07/17 04:35:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Book Worm\Desktop\aswMBR.exe
[2012/07/17 04:22:41 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Book Worm\Desktop\tdsskiller.exe
[2012/07/17 04:04:42 | 398,249,076 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/17 03:23:58 | 004,579,127 | R--- | M] (Swearware) -- C:\Users\Book Worm\Desktop\ComboFix.exe
[2012/07/16 20:36:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/16 20:28:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Book Worm\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2012/07/18 02:14:42 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/07/17 11:53:35 | 000,001,021 | ---- | C] () -- C:\Users\Book Worm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_38772662.lnk
[2012/07/17 11:47:21 | 000,002,316 | ---- | C] () -- C:\Users\Book Worm\Desktop\AVPTool.htm
[2012/07/17 04:40:27 | 000,000,512 | ---- | C] () -- C:\Users\Book Worm\Desktop\MBR.dat
[2012/07/17 04:39:27 | 000,000,512 | ---- | C] () -- C:\Users\Book Worm\Documents\MBR.dat
[2012/07/16 20:36:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/09/03 08:03:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/03 08:03:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/03 08:03:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/03 08:03:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/03 08:03:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/08 10:23:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/25 17:02:55 | 000,000,000 | ---- | C] () -- C:\Users\Book Worm\jagex__preferences3.dat
[2010/08/25 17:02:47 | 000,000,099 | ---- | C] () -- C:\Users\Book Worm\jagex_runescape_preferences2.dat
[2010/08/25 17:01:26 | 000,000,046 | ---- | C] () -- C:\Users\Book Worm\jagex_runescape_preferences.dat

========== LOP Check ==========

[2011/09/20 15:50:22 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\eMusic
[2011/09/20 15:50:24 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\Merscom
[2011/09/20 15:50:30 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\PowerCinema
[2011/09/20 15:50:32 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\toshiba
[2011/09/20 15:50:32 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\WildTangent
[2011/09/20 15:50:32 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\WinBatch
[2011/09/20 15:50:32 | 000,000,000 | ---D | M] -- C:\Users\Book Worm\AppData\Roaming\Xilisoft
[2012/07/18 04:01:59 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< End of report >

#36
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Strange. Let's try this step.

Download Farbar Recovery Scan Tool and save it to your desktop.

Run the tool by double-clicking it.

Type the following in the edit box after "Search:".

sfcfiles.*;ipsec.*

Note: The file names should be separated by semicolon (;)

Click Search File(s) button and post the log (Search.txt) it makes to your next reply.

#37
Bobcat Bob
    Member
  • Topic Starter
  • 111 posts
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by Book Worm at 18-07-2012 18:06:35
Running from C:\Users\Book Worm\Desktop
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.The operation completed successfully.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-18 18:05 - 2012-07-18 18:06 - 00000000 ____D C:\FRST
2012-07-18 18:04 - 2012-07-18 18:04 - 00891630 ____A (Farbar) C:\Users\Book Worm\Desktop\FRST.exe
2012-07-18 04:29 - 2012-07-18 04:38 - 00003544 ____A C:\Users\Book Worm\Desktop\unhide.txt
2012-07-18 04:29 - 2012-07-18 04:29 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Book Worm\Desktop\unhide.exe
2012-07-18 03:14 - 2012-07-18 03:14 - 00033558 ____A C:\Users\Book Worm\Desktop\Comfix.txt
2012-07-17 19:35 - 2012-07-17 19:35 - 00011916 ____A C:\Kaspersky.txt
2012-07-17 11:53 - 2012-07-17 11:53 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-07-17 11:50 - 2012-07-17 11:53 - 143332192 ____A C:\Users\Book Worm\Downloads\setup_11.0.0.1245.x01_2012_07_17_18_56.exe
2012-07-17 11:47 - 2012-07-17 11:48 - 00002316 ____A C:\Users\Book Worm\Desktop\AVPTool.htm
2012-07-17 11:43 - 2012-07-18 12:00 - 00062864 ____A C:\Users\Book Worm\Desktop\OTL.Txt
2012-07-17 04:40 - 2012-07-17 04:40 - 00001795 ____A C:\Users\Book Worm\Desktop\aswMBR.txt
2012-07-17 04:40 - 2012-07-17 04:40 - 00000512 ____A C:\Users\Book Worm\Desktop\MBR.dat
2012-07-17 04:39 - 2012-07-17 04:39 - 00001598 ____A C:\Users\Book Worm\Documents\aswMBR.txt
2012-07-17 04:39 - 2012-07-17 04:39 - 00000512 ____A C:\Users\Book Worm\Documents\MBR.dat
2012-07-17 04:35 - 2012-07-17 04:35 - 04731392 ____A (AVAST Software) C:\Users\Book Worm\Desktop\aswMBR.exe
2012-07-17 04:26 - 2012-07-17 04:50 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-17 04:22 - 2012-07-17 04:22 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Book Worm\Desktop\tdsskiller.exe
2012-07-17 04:04 - 2012-07-17 04:04 - 00277296 ____A C:\Windows\Minidump\071712-36441-01.dmp
2012-07-17 03:23 - 2012-07-17 03:23 - 04579127 ____R (Swearware) C:\Users\Book Worm\Desktop\ComboFix.exe
2012-07-17 03:16 - 2012-07-17 03:16 - 00000000 ____D C:\_OTL
2012-07-16 20:36 - 2012-07-16 20:36 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-16 20:36 - 2012-07-16 20:36 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-16 20:36 - 2012-07-16 20:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-16 20:28 - 2012-07-16 20:28 - 00596480 ____A (OldTimer Tools) C:\Users\Book Worm\Desktop\OTL.exe
2012-07-16 19:50 - 2012-07-16 19:50 - 00277312 ____A C:\Windows\Minidump\071612-23743-01.dmp
2012-07-12 16:45 - 2012-07-12 16:45 - 00277304 ____A C:\Windows\Minidump\071212-43851-01.dmp
2012-07-11 23:00 - 2012-07-11 23:00 - 00277304 ____A C:\Windows\Minidump\071112-48391-01.dmp
2012-07-10 09:21 - 2012-07-10 09:21 - 00277304 ____A C:\Windows\Minidump\071012-77782-01.dmp
2012-07-09 19:26 - 2012-07-09 19:26 - 00277304 ____A C:\Windows\Minidump\070912-48157-01.dmp
2012-07-09 13:31 - 2012-07-09 13:31 - 00277304 ____A C:\Windows\Minidump\070912-47720-01.dmp
2012-07-09 09:05 - 2012-07-09 09:05 - 00277320 ____A C:\Windows\Minidump\070912-77719-01.dmp
2012-07-08 22:27 - 2012-07-08 22:27 - 00000000 ____D C:\found.002
2012-07-07 09:14 - 2012-07-07 09:14 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-07 09:14 - 2012-07-07 09:14 - 00000000 __SHD C:\Windows\System32\%APPDATA%

============ 3 Months Modified Files ========================

2012-07-18 18:04 - 2012-07-18 18:04 - 00891630 ____A (Farbar) C:\Users\Book Worm\Desktop\FRST.exe
2012-07-18 18:03 - 2010-01-27 11:28 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-18 15:15 - 2011-09-20 16:11 - 01962522 ____A C:\Windows\WindowsUpdate.log
2012-07-18 12:00 - 2012-07-17 11:43 - 00062864 ____A C:\Users\Book Worm\Desktop\OTL.Txt
2012-07-18 11:42 - 2010-11-20 22:47 - 00215020 ____A C:\Windows\PFRO.log
2012-07-18 11:42 - 2010-01-27 11:28 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-18 11:42 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-18 11:42 - 2009-07-13 23:51 - 02122289 ____A C:\Windows\setupact.log
2012-07-18 04:38 - 2012-07-18 04:29 - 00003544 ____A C:\Users\Book Worm\Desktop\unhide.txt
2012-07-18 04:29 - 2012-07-18 04:29 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Book Worm\Desktop\unhide.exe
2012-07-18 04:01 - 2009-07-14 00:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-18 03:14 - 2012-07-18 03:14 - 00033558 ____A C:\Users\Book Worm\Desktop\Comfix.txt
2012-07-18 03:09 - 2011-09-03 08:29 - 00033558 ____A C:\ComboFix.txt
2012-07-18 02:39 - 2006-11-02 07:34 - 00000215 ____A C:\Windows\system.ini
2012-07-17 19:35 - 2012-07-17 19:35 - 00011916 ____A C:\Kaspersky.txt
2012-07-17 11:53 - 2012-07-17 11:50 - 143332192 ____A C:\Users\Book Worm\Downloads\setup_11.0.0.1245.x01_2012_07_17_18_56.exe
2012-07-17 11:48 - 2012-07-17 11:47 - 00002316 ____A C:\Users\Book Worm\Desktop\AVPTool.htm
2012-07-17 04:40 - 2012-07-17 04:40 - 00001795 ____A C:\Users\Book Worm\Desktop\aswMBR.txt
2012-07-17 04:40 - 2012-07-17 04:40 - 00000512 ____A C:\Users\Book Worm\Desktop\MBR.dat
2012-07-17 04:39 - 2012-07-17 04:39 - 00001598 ____A C:\Users\Book Worm\Documents\aswMBR.txt
2012-07-17 04:39 - 2012-07-17 04:39 - 00000512 ____A C:\Users\Book Worm\Documents\MBR.dat
2012-07-17 04:35 - 2012-07-17 04:35 - 04731392 ____A (AVAST Software) C:\Users\Book Worm\Desktop\aswMBR.exe
2012-07-17 04:22 - 2012-07-17 04:22 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Book Worm\Desktop\tdsskiller.exe
2012-07-17 04:04 - 2012-07-17 04:04 - 00277296 ____A C:\Windows\Minidump\071712-36441-01.dmp
2012-07-17 04:04 - 2012-02-25 11:51 - 398249076 ____A C:\Windows\MEMORY.DMP
2012-07-17 03:23 - 2012-07-17 03:23 - 04579127 ____R (Swearware) C:\Users\Book Worm\Desktop\ComboFix.exe
2012-07-16 20:36 - 2012-07-16 20:36 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-16 20:36 - 2012-07-16 20:36 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-16 20:36 - 2012-07-16 20:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-16 20:28 - 2012-07-16 20:28 - 00596480 ____A (OldTimer Tools) C:\Users\Book Worm\Desktop\OTL.exe
2012-07-16 19:50 - 2012-07-16 19:50 - 00277312 ____A C:\Windows\Minidump\071612-23743-01.dmp
2012-07-12 16:45 - 2012-07-12 16:45 - 00277304 ____A C:\Windows\Minidump\071212-43851-01.dmp
2012-07-11 23:00 - 2012-07-11 23:00 - 00277304 ____A C:\Windows\Minidump\071112-48391-01.dmp
2012-07-10 09:21 - 2012-07-10 09:21 - 00277304 ____A C:\Windows\Minidump\071012-77782-01.dmp
2012-07-09 19:26 - 2012-07-09 19:26 - 00277304 ____A C:\Windows\Minidump\070912-48157-01.dmp
2012-07-09 13:31 - 2012-07-09 13:31 - 00277304 ____A C:\Windows\Minidump\070912-47720-01.dmp
2012-07-09 09:05 - 2012-07-09 09:05 - 00277320 ____A C:\Windows\Minidump\070912-77719-01.dmp
2012-05-28 19:06 - 2012-05-28 19:06 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-28 19:06 - 2012-05-28 19:06 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-28 19:06 - 2012-05-28 19:06 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-05-28 19:06 - 2012-05-28 19:06 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-05-28 18:10 - 2011-09-03 08:54 - 00002127 ____A C:\Windows\epplauncher.mif
2012-05-07 13:50 - 2012-05-07 13:50 - 00277304 ____A C:\Windows\Minidump\050712-44382-01.dmp
2012-05-05 19:01 - 2012-05-05 19:00 - 00277304 ____A C:\Windows\Minidump\050512-43352-01.dmp

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2011-09-21 07:38] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

========================= Memory info ======================

Percentage of memory in use: 35%
Total physical RAM: 4059.18 MB
Available physical RAM: 2609.54 MB
Total Pagefile: 8116.55 MB
Available Pagefile: 6672.95 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.19 MB

======================= Partitions =========================

1 Drive c: (TI101800V0D ) (Fixed) (Total:286.35 GB) (Free:190.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (GSP1RMCHPXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 286 GB 1501 MB
Partition 3 Primary 10 GB 287 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI101800V0D NTFS Partition 286 GB Healthy System (partition with boot components)

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================
======================= End Of Log ==========================

#38
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
You hit the wrong button. You clicked Scan instead of the Search File(s) button. Please read my step once, then do it as described:

Run Farbar Recovery Scan Tool again.

Type the following in the edit box after "Search:".

sfcfiles.*;ipsec.*

Note: The file names should be separated by semicolon (;)

Click Search File(s) button and post the log (Search.txt) it makes to your next reply.

#39
Bobcat Bob
    Member
  • Topic Starter
  • 111 posts
Farbar Recovery Scan Tool Version: 16-07-2012 01
Ran by Book Worm at 2012-07-19 00:36:49
Running from C:\Users\Book Worm\Desktop

================== Search: "sfcfiles. : *;ipsec.*" ===================

=== End Of Search ===

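The FRST steps in the posts above come down to two checks: the Bamital & volsnap section hashes a handful of core binaries (winlogon.exe, services.exe, volsnap.sys and friends) against known-good MD5s and flags anything missing or altered, and the Search: box walks the disk for semicolon-separated patterns such as sfcfiles.*;ipsec.* so other copies can be compared or used as replacements. As an added example that is not part of this thread and not FRST's own code, the Python script below does both over a small constructed directory tree. The file contents, the "known-good" hashes and the WinSxS-style folder are assumptions built for the demo, not real Windows binaries.

```python
"""Integrity check of core Windows binaries plus a pattern file search.

Added example, not FRST's own code. It reproduces the two checks the
thread relies on: the "Bamital & volsnap" style comparison of critical
files against known-good MD5s (reporting legit / MISMATCH / MISSING),
and FRST's "Search:" box, which takes ';'-separated patterns such as
sfcfiles.*;ipsec.* and lists every matching copy with size and hash so
a clean copy can be picked as a replacement. Everything demo() builds
(tree, contents, hashes) is constructed for the demo.
"""
import fnmatch
import hashlib
import os
import tempfile

# Files FRST hashes in its Bamital/volsnap check (relative to System32).
CRITICAL_FILES = (
    "winlogon.exe", "wininit.exe", "svchost.exe", "services.exe",
    "userinit.exe", os.path.join("Drivers", "volsnap.sys"),
)


def md5_of(path: str) -> str:
    """Upper-case hex MD5 of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def check_integrity(system32: str, known_good: dict) -> dict:
    """Map each critical file to 'legit', 'MISMATCH' or 'MISSING'.

    known_good maps the same relative names to their expected MD5."""
    verdicts = {}
    for rel in CRITICAL_FILES:
        path = os.path.join(system32, rel)
        if not os.path.isfile(path):
            verdicts[rel] = "MISSING"
        elif md5_of(path) == known_good[rel]:
            verdicts[rel] = "legit"
        else:
            verdicts[rel] = "MISMATCH"
    return verdicts


def search_files(root: str, patterns: str) -> list:
    """Find files under root whose name matches any ';'-separated glob.

    Returns (name, path, size, md5) tuples sorted by name; comparing the
    hashes of several copies is how a tampered one stands out."""
    globs = [p.strip().lower() for p in patterns.split(";") if p.strip()]
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if any(fnmatch.fnmatchcase(name.lower(), g) for g in globs):
                path = os.path.join(dirpath, name)
                hits.append((name, path, os.path.getsize(path), md5_of(path)))
    return sorted(hits)


def demo():
    """Build a constructed mini Windows tree and run both checks on it."""
    good = {rel: b"known-good bytes of " + rel.encode() for rel in CRITICAL_FILES}
    known_good = {rel: hashlib.md5(data).hexdigest().upper() for rel, data in good.items()}

    root = tempfile.mkdtemp(prefix="integrity-demo-")
    system32 = os.path.join(root, "Windows", "System32")
    os.makedirs(os.path.join(system32, "Drivers"))
    for rel in ("wininit.exe", "svchost.exe", "userinit.exe"):   # intact copies
        with open(os.path.join(system32, rel), "wb") as f:
            f.write(good[rel])
    with open(os.path.join(system32, "winlogon.exe"), "wb") as f:  # patched copy
        f.write(good["winlogon.exe"] + b"\x90\x90")
    # services.exe and Drivers\volsnap.sys are deliberately left absent.

    # A WinSxS-like store holding copies of the files the thread searched for.
    store = os.path.join(root, "Windows", "winsxs", "amd64_demo_component")
    os.makedirs(store)
    for name in ("sfcfiles.dll", "ipsec.sys", "ipsec.sys.mui", "readme.txt"):
        with open(os.path.join(store, name), "wb") as f:
            f.write(b"demo payload for " + name.encode())

    verdicts = check_integrity(system32, known_good)
    hits = search_files(os.path.join(root, "Windows"), "sfcfiles.*;ipsec.*")
    return verdicts, hits


if __name__ == "__main__":
    verdicts, hits = demo()
    for rel, v in verdicts.items():
        print(f"{rel:<22} {v}")
    for name, path, size, digest in hits:
        print(f"{name:<14} {size:>8} {digest} {path}")
```

On a real machine you would point check_integrity at C:\Windows\System32 with hashes taken from a known-clean install of the same build, and search_files at C:\Windows (where the winsxs store lives) with the same pattern string FRST accepts; note that a file reported MISSING from a running system can also be a rootkit hiding it, which is why the thread's helper wanted the tool run from the recovery environment.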
#40
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Malware infected your system files and I can't find replacements for them. Can you see if you have your Windows installation disk and let me know.

#41
Bobcat Bob
    Member
  • Topic Starter
  • 111 posts
That's what I was afraid of. I will have to look for it in the morning and let you know.

#42
Bobcat Bob
    Member
  • Topic Starter
  • 111 posts
I tore the house apart looking for it and can't find it. :(

I have the Windows 7 disk, not sure if that will help, but not the one for Toshiba.

Edited by Bobcat Bob, 19 July 2012 - 11:34 AM.


#43
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Let's try that disk. We will try the easy way first.

Insert disk into drive D.

  • Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:

    sfc /scannow

Let me know if this command finishes successfully.

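sfc /scannow prints a single summary sentence, but the per-file record of what it verified, repaired or could not repair is written to %windir%\Logs\CBS\CBS.log on lines tagged [SR]; Microsoft's documented way to read it is findstr /c:"[SR]" against that file. As an added example that is neither the thread's nor Microsoft's code, here is a small Python parser that pulls the repaired and unrepairable file names out of those lines. The SAMPLE_LOG lines are constructed in the CBS.log format for the demo and are not any real machine's log; the log path default and the line layout are the assumptions it makes.

```python
r"""Pull the per-file detail out of CBS.log after sfc /scannow.

Added example, not a Microsoft tool. The console shows one summary
sentence; the per-file record is written to %windir%\Logs\CBS\CBS.log
on lines tagged "[SR]" (Microsoft's documented way to read it is
findstr /c:"[SR]" on that file). SAMPLE_LOG is constructed in the
CBS.log line format for the demo and is not any real machine's log.
"""
import os
import re
from collections import Counter

# Constructed sample in CBS.log layout: timestamp, level, source, id, [SR] message.
SAMPLE_LOG = r"""
2012-07-19 11:40:01, Info                  CSI    00000007 [SR] Verifying 100 (0x0000000000000064) components
2012-07-19 11:40:01, Info                  CSI    00000008 [SR] Beginning Verify and Repair transaction
2012-07-19 11:40:05, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"winlogon.exe" of Microsoft-Windows-Winlogon, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-07-19 11:40:06, Info                  CSI    0000000a [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-07-19 11:40:06, Info                  CSI    0000000b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-07-19 11:40:07, Info                  CBS    Repair complete
2012-07-19 11:40:08, Info                  CSI    0000000c [SR] Verify complete
"""

SR_LINE = re.compile(
    r"^(?P<ts>\S+ \S+), (?P<level>\w+)\s+CSI\s+[0-9a-fA-F]+ \[SR\] (?P<msg>.*)$"
)
# CSI quotes names as [l:<bytes>{<chars>}]"name"
QUOTED_NAME = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')


def parse_sr_lines(log_text: str) -> dict:
    """Summarise [SR] lines: files repaired, files that could not be
    repaired, and a count of the remaining progress messages by first word."""
    repaired, unrepairable, other = set(), set(), Counter()
    for line in log_text.splitlines():
        m = SR_LINE.match(line)
        if not m:
            continue                      # blank, CBS-sourced or non-[SR] line
        msg = m.group("msg")
        names = QUOTED_NAME.findall(msg)
        if msg.startswith("Cannot repair member file"):
            unrepairable.add(names[0] if names else msg)
        elif msg.startswith("Repairing corrupted file"):
            repaired.add(names[-1] if names else msg)   # same file is logged twice
        else:
            other[msg.split(" ", 1)[0]] += 1
    return {
        "repaired": sorted(repaired),
        "unrepairable": sorted(unrepairable),
        "other": dict(other),
    }


def verdict(summary: dict) -> str:
    """One-line reading of the summary, worst case first."""
    if summary["unrepairable"]:
        return "UNREPAIRABLE: " + ", ".join(summary["unrepairable"])
    if summary["repaired"]:
        return "REPAIRED: " + ", ".join(summary["repaired"])
    return "no corrupted files recorded in [SR] lines"


def read_cbs_log(path: str = None) -> str:
    r"""Read the real log (default %windir%\Logs\CBS\CBS.log).

    Needs an elevated shell on Windows; the file is large, so filter
    its text through parse_sr_lines rather than reading it by eye."""
    path = path or os.path.join(os.environ.get("windir", r"C:\Windows"), "Logs", "CBS", "CBS.log")
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        return f.read()


if __name__ == "__main__":
    summary = parse_sr_lines(SAMPLE_LOG)   # swap in read_cbs_log() on a real box
    print(verdict(summary))
    print(summary["other"])
```

A "Cannot repair member file ... hash mismatch" line means the copy in the component store is itself bad, so sfc has nothing clean to restore from; that is the case where an installation DVD or a copy from a clean machine of the same build is needed, which is what the helper was working toward.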
#44
Bobcat Bob
    Member
  • Topic Starter
  • 111 posts
It finished and said "Windows resource protection did not find any integrity violations."

#45
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
That's great! Can you please run ComboFix again as you did before and post the log here for me. I need to see where we stand now.
