
·
Registered
Joined
·
31 Posts
Discussion Starter #1
For the past few days, I have been getting redirected to mywebface or wizard101.com when I visit some websites, not all, but they are normal and safe websites that I visit and have always visited, but now I'm getting this redirection. I will refresh the website and it will redirect again. This only happens maybe once or twice a day, but no matter what I've tried to remove it (malwarebytes, webroot), it hasn't worked. How can I get rid of it? Also, I do not have a Boot CD or a Windows Install Disc. Thanks for your help.

I couldn't attach the GMER scan because after I did that scan, it said: GMER hasn't found any system modification. It doesn't give me an option to select Sections or anything above Services. Those are blanked out and won't let me check them off. So this is all I can give you for now. The DDS text and the Attach zip.

The contents of my DDS text:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Ryan at 13:23:17.41 on Sun 01/30/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2474 [GMT -5:00]

AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Ryan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Ryan\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sslvpn.ghmne.com/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [(Default)]
mRun-x64: [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
mRun-x64: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [SmartAudio] "C:\Program Files\CONEXANT\SAII\SAIICpl.exe" /t

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ga03fi3s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857572&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ryan\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-6-9 202752]
R2 ssfmonm;ssfmonm;C:\Windows\System32\drivers\ssfmonm.sys [2010-9-14 55360]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2010-9-14 3872776]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2010-8-26 3066528]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-6-9 6403072]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-6-9 188928]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-6-9 35008]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-26 1103904]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-9 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-14 135664]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2008-4-1 24576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-6-9 239136]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-16 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-01-29 13:59:00 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes
2011-01-29 13:58:44 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-29 13:58:41 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-01-29 13:58:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-28 23:11:40 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{DC797D3D-AA38-48A4-BD54-CD2E61673698}\mpengine.dll

==================== Find3M ====================

2011-01-29 14:33:27 14083 ----a-w- C:\DetectionData.tmp
2011-01-29 14:33:27 121220 ----a-w- C:\InformationalData.tmp
2010-11-29 22:38:30 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2010-11-04 06:35:53 1194496 ----a-w- C:\windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-11-02 05:21:51 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:17 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\windows\System32\schedsvc.dll
2010-11-02 05:12:53 1133568 ----a-w- C:\windows\System32\FntCache.dll
2010-11-02 05:12:25 1540608 ----a-w- C:\windows\System32\DWrite.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 902656 ----a-w- C:\windows\System32\d2d1.dll
2010-11-02 05:12:06 197120 ----a-w- C:\windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
2010-11-02 04:35:51 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
2010-11-02 02:50:58 258048 ----a-w- C:\windows\System32\drivers\dxgmms1.sys

============= FINISH: 13:25:16.38 ===============
 


·
Registered
Joined
·
3,217 Posts
Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

Windows XP Users: Please ensure you install the recovery console when requested

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
 

·
Registered
Joined
·
3,217 Posts
Hi there

Delete the version of ComboFix that you currently have.

Please download ComboFix from one of these locations:

Link 1
Link 2

Rename it to woodman123.exe before saving it to your desktop.

Double click on the renamed ComboFix.exe & follow the prompts.

  • When finished it will produce a log at C:\ComboFix.txt for you
  • Please include the log in your next reply.
 

·
Registered
Joined
·
31 Posts
Discussion Starter #5
That seems to have worked; however, when I went to do the scan, it got through stage four completed and was still scanning for more than 2 hours. I aborted the scan. How long does the scan usually take? It said 10 minutes, maybe more for really infected computers, but my computer is fairly new, so I can't see it being extremely infected.
 

·
Registered
Joined
·
3,217 Posts
Hi there

Did you manage to complete the scan at all?

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    Code:
          netsvcs
          %SYSTEMDRIVE%\*.exe
          /md5start
          eventlog.dll
          scecli.dll
          netlogon.dll
          cngaudit.dll
          sceclt.dll
          ntelogon.dll
          logevent.dll
          iaStor.sys
          nvstor.sys
          atapi.sys
          IdeChnDr.sys
          viasraid.sys
          AGP440.sys
          vaxscsi.sys
          nvatabus.sys
          viamraid.sys
          nvata.sys
          nvgts.sys
          iastorv.sys
          ViPrt.sys
          eNetHook.dll
          ahcix86.sys
          KR10N.sys
          nvstor32.sys
          ahcix86s.sys
          nvrd32.sys
          /md5stop
          %systemroot%\*. /mp /s
          CREATERESTOREPOINT
          %systemroot%\system32\*.dll /lockedfiles
          %systemroot%\Tasks\*.job /lockedfiles
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Copy and paste them back here.
 

·
Registered
Joined
·
31 Posts
Discussion Starter #7
I realized what the problem was. It was only one site that I went to that redirected me, and that was the site of my blog, so it appears as if someone has hijacked my blog and now redirects people to other sites. Now I have to figure out a way to fix that! Ugh. Thanks for the help. Sorry, I feel as if I wasted your time.
 

·
Registered
Joined
·
31 Posts
Discussion Starter #8
Hold on. I'm going to try it. It appears as if there may be a problem with my blog and my computer. I'll try the OTL and follow the instructions.
 

·
Registered
Joined
·
31 Posts
Discussion Starter #9
OTL logfile created on: 2/11/2011 10:57:58 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Ryan\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.55 Gb Total Space | 213.52 Gb Free Space | 74.51% Space Free | Partition Type: NTFS

Computer Name: WOODY21PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/11 22:40:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
PRC - [2011/01/04 11:05:06 | 000,083,440 | ---- | M] (Google) -- C:\Users\Ryan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/12/10 14:10:02 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 14:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/12/10 07:29:00 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/12/10 07:28:56 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/11 19:12:54 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/10/11 19:12:44 | 001,286,960 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/09/22 12:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (Antivirus Software, Antispyware & Internet Security | Webroot)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/09/22 12:41:30 | 000,157,536 | ---- | M] (Webroot Software, Inc. (Antivirus Software, Antispyware & Internet Security | Webroot)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2010/09/22 12:19:36 | 000,273,672 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
PRC - [2010/03/23 20:09:25 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/02/24 03:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe


========== Modules (SafeList) ==========

MOD - [2011/02/11 22:40:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/06 13:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/03/15 11:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/12/10 07:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/11 19:12:54 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/09/22 12:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (Antivirus Software, Antispyware & Internet Security | Webroot)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/17 13:49:12 | 000,136,224 | ---- | M] (Webroot Software, Inc. (Antivirus Software, Antispyware & Internet Security | Webroot)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2010/06/17 13:49:10 | 000,055,360 | ---- | M] (Webroot Software, Inc. (Antivirus Software, Antispyware & Internet Security | Webroot)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2010/06/16 13:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/04/26 16:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/03/30 22:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/15 12:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 11:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/22 20:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/04/01 13:33:16 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.12 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2857572&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/25 08:56:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/07 15:52:15 | 000,000,000 | ---D | M]

[2011/02/07 23:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2011/02/07 23:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/12/31 15:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ga03fi3s.default\extensions
[2010/12/30 17:16:22 | 000,000,919 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ga03fi3s.default\searchplugins\conduit.xml
[2010/10/15 20:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/02/07 17:33:44 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sslvpn.ghmne.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c5875469-0ee9-11e0-9bf7-c80aa9b1b2d2}\Shell - "" = AutoRun
O33 - MountPoints2\{c5875469-0ee9-11e0-9bf7-c80aa9b1b2d2}\Shell\AutoRun\command - "" = E:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/11 22:40:13 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2011/02/08 19:31:48 | 000,000,000 | --SD | C] -- C:\woodman123
[2011/02/08 19:31:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/02/08 19:31:15 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/02/08 18:38:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/02/08 18:38:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/02/08 18:38:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/02/07 23:06:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\TomTom
[2011/02/07 23:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2011/02/07 23:06:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\TomTom
[2011/02/07 23:06:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\TomTom
[2011/02/07 23:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011/02/07 23:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2011/02/07 23:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2011/02/07 22:27:42 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/02/07 22:27:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/07 15:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2011/02/07 15:43:39 | 001,136,304 | ---- | C] (LogMeIn, Inc.) -- C:\Users\Ryan\Desktop\Support-LogMeInRescue(2).exe
[2011/02/06 20:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2011/02/06 20:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2011/02/06 20:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2011/02/06 09:28:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Breakers and WPS
[2011/01/29 08:59:00 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Malwarebytes
[2011/01/29 08:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/29 08:58:41 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/01/29 08:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/11 22:43:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/11 22:40:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2011/02/11 22:38:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3802544481-4592965-101221923-1001UA.job
[2011/02/11 20:34:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/02/11 19:54:57 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/02/11 19:54:57 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/02/11 19:54:57 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/02/11 19:53:46 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3802544481-4592965-101221923-1001Core.job
[2011/02/11 08:41:25 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/11 08:41:25 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/11 08:33:41 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/11 08:33:22 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 21:45:49 | 000,018,582 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\wklnhst.dat
[2011/02/10 18:39:07 | 000,001,140 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/02/09 20:51:15 | 000,343,576 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/02/07 16:01:36 | 000,002,693 | ---- | M] () -- C:\Users\Ryan\Desktop\Microsoft Office Outlook 2003.lnk
[2011/02/07 15:52:38 | 000,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2011/02/07 15:43:56 | 001,136,304 | ---- | M] (LogMeIn, Inc.) -- C:\Users\Ryan\Desktop\Support-LogMeInRescue(2).exe
[2011/02/06 20:04:33 | 000,002,239 | ---- | M] () -- C:\Users\Ryan\Desktop\LIG Development.LNK
[2011/02/06 20:03:15 | 000,001,594 | ---- | M] () -- C:\windows\VPNInstall.MIF
[2011/02/06 20:02:20 | 000,002,653 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/08 18:38:06 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/02/08 18:38:06 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/02/08 18:38:06 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/02/08 18:38:06 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/02/08 18:38:06 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/02/07 16:01:42 | 000,001,140 | ---- | C] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/02/07 16:01:36 | 000,002,693 | ---- | C] () -- C:\Users\Ryan\Desktop\Microsoft Office Outlook 2003.lnk
[2011/02/07 15:52:38 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/02/06 20:04:33 | 000,002,239 | ---- | C] () -- C:\Users\Ryan\Desktop\LIG Development.LNK
[2011/02/06 20:02:20 | 000,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2011/02/06 20:02:06 | 000,001,594 | ---- | C] () -- C:\windows\VPNInstall.MIF
[2010/10/25 17:32:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/03 22:07:45 | 000,000,616 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Rim.Desktop.Exception.log
[2010/10/03 22:06:53 | 000,001,960 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/09/14 21:09:23 | 000,018,582 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\wklnhst.dat
[2010/09/14 20:23:15 | 000,030,424 | ---- | C] () -- C:\windows\SysWow64\wrLZMA.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010/11/26 01:14:15 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\acccore
[2010/10/13 21:29:18 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Blackberry Desktop
[2010/09/24 18:56:55 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Juniper Networks
[2010/10/03 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Research In Motion
[2010/09/14 21:09:24 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Template
[2011/02/07 23:06:31 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TomTom
[2010/09/18 09:03:24 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Toshiba
[2010/09/14 20:01:36 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\WinBatch
[2010/11/02 00:08:18 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Windows Live Writer
[2010/12/06 16:42:30 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/09/22 12:41:42 | 000,030,424 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >



OTL Extras logfile created on: 2/11/2011 10:57:58 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Ryan\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.55 Gb Total Space | 213.52 Gb Free Space | 74.51% Space Free | Partition Type: NTFS

Computer Name: WOODY21PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5792CD64-61B4-C448-0D22-3C51DD73AB2A}" = ATI Catalyst Install Manager
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy Software Installer
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech
"{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese
"{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
"{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek
"{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard
"{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian
"{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8BE504E9-0677-87AC-07D2-1A1428E17A92}" = Catalyst Control Center InstallProxy
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help Italian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean
"{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All
"{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German
"{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English
"{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC Amber BlackBerry Converter" = ABC Amber BlackBerry Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Best Buy Software Installer" = Best Buy Software Installer
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"TomTom HOME" = TomTom HOME 2.8.0.2146
"UPCShell" = LeapFrog Connect
"Webroot Software" = Webroot Software
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2011 4:21:57 PM | Computer Name = Woody21PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 999

Error - 2/7/2011 4:21:57 PM | Computer Name = Woody21PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999

Error - 2/7/2011 4:21:58 PM | Computer Name = Woody21PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/7/2011 4:21:58 PM | Computer Name = Woody21PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2184

Error - 2/7/2011 4:21:58 PM | Computer Name = Woody21PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2184

Error - 2/7/2011 5:05:47 PM | Computer Name = Woody21PC | Source = EventSystem | ID = 4621
Description =

Error - 2/7/2011 7:48:12 PM | Computer Name = Woody21PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/7/2011 7:48:12 PM | Computer Name = Woody21PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1170

Error - 2/7/2011 7:48:12 PM | Computer Name = Woody21PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1170

Error - 2/8/2011 12:06:27 AM | Computer Name = Woody21PC | Source = TomTomHOMEService | ID = 10000
Description =

[ System Events ]
Error - 11/28/2010 4:23:14 PM | Computer Name = Woody21PC | Source = DCOM | ID = 10010
Description =

Error - 12/2/2010 11:17:13 PM | Computer Name = Woody21PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/2/2010 11:17:42 PM | Computer Name = Woody21PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/2/2010 11:18:42 PM | Computer Name = Woody21PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 12/13/2010 1:39:30 PM | Computer Name = Woody21PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/25/2010 8:37:53 AM | Computer Name = Woody21PC | Source = Service Control Manager | ID = 7030
Description = The LeapFrog Connect Device Service service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 12/25/2010 9:57:38 AM | Computer Name = Woody21PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/28/2010 9:46:44 AM | Computer Name = Woody21PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Webroot
Spy Sweeper Engine service to connect.

Error - 12/28/2010 9:46:44 AM | Computer Name = Woody21PC | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053

Error - 12/31/2010 11:06:22 AM | Computer Name = Woody21PC | Source = DCOM | ID = 10010
Description =


< End of report >
 

·
Registered
Joined
·
3,217 Posts
Hi there

Let's clear out some system junk...

1. Download Temp File Cleaner by OldTimer to your desktop, or other location.
2. Save any unsaved work. TFC will close all open application windows.
3. Double-click TFC.exe to run the program.
4. If prompted, click "Yes" to reboot.

Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

------------------------------------

Please download Malwarebytes Anti-Malware (MBAM) and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

------------------------------------

Please run this online scan to help look for remnants. One vendor's definitions may find what another's does not. This scan will take an hour or two; please don't use the machine for anything else while the scan is ongoing.

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
------------------------------------

Please post back with:
The log from MBAM
The log from ESET
Also keep me updated on how things are running.
 

·
Registered
Joined
·
31 Posts
Discussion Starter #11
I could not find the log file from ESET; however, it said nothing was found when it did the scan (no infected files). Here's the log from MBAM:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 5754

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/13/2011 11:34:48 AM
mbam-log-2011-02-13 (11-34-48).txt

Scan type: Quick scan
Objects scanned: 162205
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

·
Registered
Joined
·
31 Posts
Discussion Starter #12
Check that, this is my new Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 5754

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/13/2011 9:16:27 PM
mbam-log-2011-02-13 (21-16-27).txt

Scan type: Quick scan
Objects scanned: 162122
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\Users\Ryan\AppData\Local\Temp\grueskqxi\nvxsglxsika.exe (Trojan.Downloader) -> 4020 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vsvvarkc (Trojan.Downloader) -> Value: vsvvarkc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Ryan\AppData\Local\Temp\grueskqxi\nvxsglxsika.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Ryan\AppData\Local\Temp\0.8797399268702477.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
 

·
Registered
Joined
·
3,217 Posts
Hi there

Please go to: VirusTotal

In the middle of the page you'll find a "Browse" button.

  • Click the "Browse" button
  • Copy and paste the following into the filename box requester:
C:\install.exe

  • Click "Open".
  • Then click the "Send File" button at the bottom of the VirusTotal page.
This will scan the file. Please be patient.
If you get a message saying File has already been analysed: click Reanalyse file now

Copy and paste the results into your next reply
 

·
Registered
Joined
·
31 Posts
Discussion Starter #14
These are the results. I may have typed them in here multiple times.



Version Last Update Result
AhnLab-V3 2011.02.14.02 2011.02.14 -
AntiVir 7.11.3.55 2011.02.14 -
Antiy-AVL 2.0.3.7 2011.02.13 -
Avast 4.8.1351.0 2011.02.13 -
Avast5 5.0.677.0 2011.02.13 -
AVG 10.0.0.1190 2011.02.14 -
BitDefender 7.2 2011.02.14 -
CAT-QuickHeal 11.00 2011.02.14 -
ClamAV 0.96.4.0 2011.02.14 -
Commtouch 5.2.11.5 2011.02.14 -
Comodo 7682 2011.02.14 -
DrWeb 5.0.2.03300 2011.02.14 -
Emsisoft 5.1.0.2 2011.02.14 -
eSafe 7.0.17.0 2011.02.13 -
eTrust-Vet 36.1.8157 2011.02.14 -
F-Prot 4.6.2.117 2011.02.04 -
F-Secure 9.0.16160.0 2011.02.14 -
Fortinet 4.2.254.0 2011.02.14 -
GData 21 2011.02.14 -
Ikarus T3.1.1.97.0 2011.02.14 -
Jiangmin 13.0.900 2011.02.14 -
K7AntiVirus 9.83.3847 2011.02.14 -
Kaspersky 7.0.0.125 2011.02.14 -
McAfee 5.400.0.1158 2011.02.14 -
McAfee-GW-Edition 2010.1C 2011.02.14 -
Microsoft 1.6502 2011.02.14 -
NOD32 5872 2011.02.14 -
Norman 6.07.03 2011.02.14 -
nProtect 2011-01-27.01 2011.02.02 -
Panda 10.0.3.5 2011.02.13 -
PCTools 7.0.3.5 2011.02.13 -
Prevx 3.0 2011.02.14 -
Rising 23.45.00.00 2011.02.14 -
Sophos 4.61.0 2011.02.14 -
SUPERAntiSpyware 4.40.0.1006 2011.02.14 -
Symantec 20101.3.0.103 2011.02.14 -
TheHacker 6.7.0.1.130 2011.02.13 -
TrendMicro 9.200.0.1012 2011.02.14 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.14 -
VBA32 3.12.14.3 2011.02.14 -
VIPRE 8415 2011.02.14 -
ViRobot 2011.2.14.4309 2011.02.14 -
VirusBuster 13.6.198.0 2011.02.13 -



MD5: 520a6d1cbcc9cf642c625fe814c93c58
SHA1: fb517abb38e9ccc67de411d4f18a9446c11c0923
SHA256: 08966ce743aa1cbed0874933e104ef7b913188ecd8f0c679f7d8378516c51da2
File size: 562688 bytes
Scan date: 2011-02-14 11:48:13 (UTC)

 

·
Registered
Joined
·
3,217 Posts
Hi there

DDS is the log you generated when you first posted. If you have deleted DDS then follow the instructions below.

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click No at the next prompt for Optional Scan.
  • Save the reports to your desktop.
---------------------------------------------------

Please include the contents of DDS.txt in your next reply.
 

·
Registered
Joined
·
31 Posts
Discussion Starter #18
DDS contents

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Ryan at 19:28:10.69 on Tue 02/15/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2530 [GMT -5:00]

AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Ryan\Desktop\dds(2).scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sslvpn.ghmne.com/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [(Default)]
mRun-x64: [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
mRun-x64: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [SmartAudio] "C:\Program Files\CONEXANT\SAII\SAIICpl.exe" /t

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ga03fi3s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857572&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ryan\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-6-9 202752]
R2 ssfmonm;ssfmonm;C:\Windows\System32\drivers\ssfmonm.sys [2010-9-14 55360]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2010-9-14 3872776]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2010-8-26 3066528]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-6-9 6403072]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-6-9 188928]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-6-9 35008]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-26 1103904]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-9 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-14 135664]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2008-4-1 24576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-6-9 239136]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-16 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-02-13 23:05:39 -------- d-----w- C:\Program Files (x86)\ESET
2011-02-13 16:31:03 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-11 18:38:26 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{790768BB-486E-483D-BEB7-5790D1980110}\mpengine.dll
2011-02-10 01:28:17 714752 ----a-w- C:\windows\System32\kerberos.dll
2011-02-10 01:28:17 541184 ----a-w- C:\windows\SysWow64\kerberos.dll
2011-02-09 00:31:48 -------- d-s---w- C:\woodman123
2011-02-08 23:38:06 98816 ----a-w- C:\windows\sed.exe
2011-02-08 23:38:06 89088 ----a-w- C:\windows\MBR.exe
2011-02-08 23:38:06 256512 ----a-w- C:\windows\PEV.exe
2011-02-08 23:38:06 161792 ----a-w- C:\windows\SWREG.exe
2011-02-08 04:06:52 -------- d-----w- C:\PROGRA~3\TomTom
2011-02-08 04:06:31 -------- d-----w- C:\Users\Ryan\AppData\Roaming\TomTom
2011-02-08 04:06:31 -------- d-----w- C:\Users\Ryan\AppData\Local\TomTom
2011-02-08 04:06:25 -------- d-----w- C:\Program Files (x86)\TomTom International B.V
2011-02-08 04:06:11 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2
2011-02-07 20:52:09 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
2011-02-07 01:02:16 -------- d-----w- C:\Program Files\Common Files\Deterministic Networks
2011-02-07 01:02:15 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2011-02-06 14:28:27 99840 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
2011-01-29 13:59:00 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes
2011-01-29 13:58:44 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-29 13:58:41 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-01-29 13:58:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

==================== Find3M ====================

2011-01-26 06:53:10 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-12-18 05:29:40 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-12-18 04:55:03 482816 ----a-w- C:\windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-11-29 22:38:30 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts

============= FINISH: 19:30:06.76 ===============
 

·
Registered
Joined
·
3,217 Posts
Hi there

All is looking good; unless you are still experiencing any problems, you are good to go.

If you had to disable any emulation drivers prior to posting then you can now re-enable them

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

We can now clear up after ourselves....

The following will uninstall ComboFix and implement some cleanup procedures as well as reset System Restore points:

Windows XP Users: Click Start > Select Run and copy/paste the following bolded text below into the Run box and click OK:
Windows Vista Users: Press the Windows key and r to bring up the run dialogue, copy and paste the text below in purple into the run box and click OK:

ComboFix /Uninstall



-----------------------------------------

Also ensure you remove the following

DDS - Delete the Icon to remove the program.
GMER - Delete the folder to remove the program

-----------------------------------------

Other tools we have used. - You can choose to keep them if you wish, or you can remove them at your discretion.

Temp File Cleaner - Delete the Icon to remove the program.
MBAM - Use add/remove programs from within control panel to remove the program
OTL - Click on OTL to open the program and then click on the CleanUp! Button

-----------------------------------------

Now that you appear to be free from malware, let's help you stay that way!

Update Windows on a regular basis - If you do not have automatic updates enabled then visit Microsoft's Update Page and update your computer from there.

Update your virus checker on a regular basis - It is no use having a virus checker with out-of-date definitions.
Keep an eye on your firewall. Check what it wants to allow; do not simply allow everything. If there are any processes that you are unsure of then don't be afraid to ask for advice. For more information on firewalls read this article here

Safer Browsing
Use software such as Web of Trust to help you stay away from unsuspecting sites that have malicious purposes.
Use SpywareBlaster to help prevent the installation of unwanted BHOs (Browser Helper Objects)

Use an alternative browser
Other browsers tend to be more secure than IE as they do not make use of ActiveX objects; ActiveX objects can be used by spyware as an infection point on your computer. Safer non-ActiveX browsers include Opera browser and, more recently, Firefox browser.

NB: Please note that although your browser may be more secure without ActiveX it will not throw a ring of steel around your computer. If you purposely visit sites that are dubious in nature then infection will prevail.

Computer Maintenance
Malware can breed in temporary locations. Use a program such as CCleaner Slim to clear out temporary files from your computer on a regular basis.

Scan your computer regularly for malware
Scan on a regular basis to keep your computer clean; free software such as Spybot's Search & Destroy can help you stay clear. Other alternative software that runs under licence and monitors your computer continuously in the background for malware is Malwarebytes Anti-Malware (MBAM) and SUPERAntiSpyware. Please note that these products can also be run as free without a licence as a scan-on-demand scanner.

Secure your router
Change your router's default username and password. Do not leave it at factory preset; doing so makes it easy for unauthorised access.

Encrypt your network. Set your wireless network encryption to a minimum level of WPA-PSK [TKIP]. This will help prevent any unauthorised users "piggybacking" onto your network and stealing your bandwidth which you have rightly paid for.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing malware, and how to stay safe whilst browsing the internet.

-> Staying Safe on the Internet - By Glaswegian
-> How to keep your computer free and legal - By sjb007
-> How to prevent Malware - By miekiemoes
-> I'm not pulling your leg, honest - By Sandi Hardmeie

Kindly respond one more time and let me know if we may consider this thread resolved.
 