
Solved Slow Machine - Emails being distributed

Discussion in 'Malware and Virus Removal Archive' started by wrathall, 2011/02/09.

  1. 2011/02/09
    wrathall

    wrathall Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    64
    Likes Received:
    0
    [Resolved] Slow Machine - Emails being distributed

    Hello

    I've noticed that my computer is running slower than usual, with occasional lag on video. Also, my computer has been sending emails with advertisements to everyone on my contact list. Can you help please?

    Thank you
     
  2. 2011/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please complete all steps listed here: this post

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     

  4. 2011/02/09
    wrathall

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5719

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    09/02/2011 10:42:19 AM
    mbam-log-2011-02-09 (10-42-19).txt

    Scan type: Quick scan
    Objects scanned: 158640
    Time elapsed: 3 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2011/02/09
    wrathall

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: TOSHIBA
    BIOS Manufacturer: INSYDE
    System Manufacturer: TOSHIBA
    System Product Name: Satellite C650
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 207):
    0x02E4D000 \SystemRoot\system32\ntoskrnl.exe
    0x02E04000 \SystemRoot\system32\hal.dll
    0x00BD3000 \SystemRoot\system32\kdcom.dll
    0x00CF4000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00D38000 \SystemRoot\system32\PSHED.dll
    0x00D4C000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00E65000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F09000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F18000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F6F000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F78000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F82000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00FB5000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00FC2000 \SystemRoot\System32\drivers\partmgr.sys
    0x00FD7000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00FE0000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00E00000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x010C8000 \SystemRoot\System32\drivers\volmgrx.sys
    0x01124000 \SystemRoot\System32\drivers\mountmgr.sys
    0x0113E000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x01145000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x0124C000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x01368000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x01371000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x0139B000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x013A6000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x013B1000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01155000 \SystemRoot\system32\drivers\NISx64\1108000.005\SYMDS64.SYS
    0x01200000 \SystemRoot\system32\drivers\fileinfo.sys
    0x011C3000 \SystemRoot\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS
    0x01459000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01610000 \SystemRoot\System32\Drivers\cng.sys
    0x01683000 \SystemRoot\System32\drivers\pcw.sys
    0x01694000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0169E000 \SystemRoot\system32\drivers\ndis.sys
    0x01790000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0141A000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01801000 \SystemRoot\System32\drivers\tcpip.sys
    0x0105E000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x00E15000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x017F0000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    0x017F5000 \SystemRoot\System32\Drivers\spldr.sys
    0x00DAA000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01445000 \SystemRoot\System32\Drivers\mup.sys
    0x01600000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01AA1000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01ADB000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01AF1000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x02F72000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02F9C000 \SystemRoot\System32\Drivers\Null.SYS
    0x02FA5000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02FAC000 \SystemRoot\System32\drivers\vga.sys
    0x02FBA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02FDF000 \SystemRoot\System32\drivers\watchdog.sys
    0x02FEF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02E00000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02E09000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02E12000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02E1D000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01B2F000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02E2E000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x01B4D000 \SystemRoot\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS
    0x01BC3000 \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS
    0x01A00000 \SystemRoot\system32\drivers\afd.sys
    0x03C54000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03C99000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03CA2000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03CC8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x03CDE000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03CED000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03D08000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03D1C000 \SystemRoot\system32\drivers\NISx64\1108000.005\Ironx64.SYS
    0x03D43000 \SystemRoot\system32\drivers\NISx64\1108000.005\SRTSPX64.SYS
    0x03D57000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    0x03D61000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    0x03D6B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03DBC000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03DC8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03E83000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110208.003\IDSvia64.sys
    0x03EFE000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    0x03F74000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x03F99000 \SystemRoot\System32\drivers\discache.sys
    0x03FA8000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04011000 \SystemRoot\system32\drivers\NISx64\1108000.005\ccHPx64.sys
    0x040AD000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x040BE000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110114.001\BHDrvx64.sys
    0x041AB000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x041D1000 \SystemRoot\system32\DRIVERS\FwLnk.sys
    0x041D9000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x041EF000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x04A09000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x042CB000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04200000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04246000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x04253000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x042A9000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x043BF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x043E3000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
    0x04432000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x045B1000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x045BE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x045DC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x045EB000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x045ED000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x04400000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    0x0440A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x0441A000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x04422000 \SystemRoot\system32\drivers\modem.sys
    0x053DC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x03E52000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x042BA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03FC6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03DD3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03C21000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x043F8000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
    0x045FC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x046AD000 \SystemRoot\system32\DRIVERS\ks.sys
    0x046F0000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04702000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0475C000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x0668A000 \SystemRoot\system32\drivers\CHDRT64.sys
    0x0673D000 \SystemRoot\system32\drivers\portcls.sys
    0x0677A000 \SystemRoot\system32\drivers\drmk.sys
    0x0679C000 \SystemRoot\system32\drivers\ksthunk.sys
    0x000D0000 \SystemRoot\System32\win32k.sys
    0x067A2000 \SystemRoot\System32\drivers\Dxapi.sys
    0x067AE000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x02E3B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x067BC000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x067CF000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x005E0000 \SystemRoot\System32\TSDDD.dll
    0x00680000 \SystemRoot\System32\cdd.dll
    0x067DD000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x06600000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x06619000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x06622000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x0662F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x0664C000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x0667A000 \SystemRoot\system32\DRIVERS\pgeffect.sys
    0x04771000 \SystemRoot\system32\drivers\luafv.sys
    0x04794000 \SystemRoot\system32\drivers\WudfPf.sys
    0x067EB000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04600000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x04653000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x04666000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02A88000 \SystemRoot\system32\drivers\HTTP.sys
    0x02B50000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x02B5E000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02B7C000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x02B94000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x02A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x06A60000 \SystemRoot\system32\drivers\peauth.sys
    0x06B06000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x06B11000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x06B3E000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x06B50000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x080ED000 \SystemRoot\System32\DRIVERS\srv.sys
    0x08183000 \SystemRoot\System32\drivers\ipnat.sys
    0x08000000 \SystemRoot\System32\Drivers\NISx64\1108000.005\SRTSP64.SYS
    0x08C01000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110208.037\EX64.SYS
    0x08DBB000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110208.037\ENG64.SYS
    0x77B50000 \Windows\System32\ntdll.dll
    0x479E0000 \Windows\System32\smss.exe
    0xFFE70000 \Windows\System32\apisetschema.dll
    0xFF6E0000 \Windows\System32\autochk.exe
    0x77A50000 \Windows\System32\user32.dll
    0xFFE10000 \Windows\System32\ws2_32.dll
    0xFFCE0000 \Windows\System32\wininet.dll
    0xFFC40000 \Windows\System32\clbcatq.dll
    0xFFBC0000 \Windows\System32\difxapi.dll
    0xFF9B0000 \Windows\System32\ole32.dll
    0x77D20000 \Windows\System32\normaliz.dll
    0xFEC20000 \Windows\System32\shell32.dll
    0x77930000 \Windows\System32\kernel32.dll
    0xFEAF0000 \Windows\System32\rpcrt4.dll
    0xFEAD0000 \Windows\System32\sechost.dll
    0xFE9F0000 \Windows\System32\oleaut32.dll
    0xFE810000 \Windows\System32\setupapi.dll
    0xFE770000 \Windows\System32\msvcrt.dll
    0xFE6A0000 \Windows\System32\usp10.dll
    0xFE5C0000 \Windows\System32\advapi32.dll
    0xFE5B0000 \Windows\System32\nsi.dll
    0xFE560000 \Windows\System32\Wldap32.dll
    0xFE550000 \Windows\System32\lpk.dll
    0x77D10000 \Windows\System32\psapi.dll
    0xFE3D0000 \Windows\System32\urlmon.dll
    0xFE330000 \Windows\System32\comdlg32.dll
    0xFE300000 \Windows\System32\imm32.dll
    0xFE290000 \Windows\System32\gdi32.dll
    0xFE210000 \Windows\System32\shlwapi.dll
    0xFE100000 \Windows\System32\msctf.dll
    0xFDEA0000 \Windows\System32\iertutil.dll
    0xFDE80000 \Windows\System32\imagehlp.dll
    0xFDE40000 \Windows\System32\wintrust.dll
    0xFDE20000 \Windows\System32\devobj.dll
    0xFDCB0000 \Windows\System32\crypt32.dll
    0xFDC10000 \Windows\System32\comctl32.dll
    0xFDBD0000 \Windows\System32\cfgmgr32.dll
    0xFDB60000 \Windows\System32\KernelBase.dll
    0xFDB50000 \Windows\System32\msasn1.dll
    0x76A60000 \Windows\SysWOW64\normaliz.dll

    Processes (total 64):
    0 System Idle Process
    4 System
    308 C:\Windows\System32\smss.exe
    412 csrss.exe
    492 csrss.exe
    500 C:\Windows\System32\wininit.exe
    548 C:\Windows\System32\winlogon.exe
    608 C:\Windows\System32\services.exe
    616 C:\Windows\System32\lsass.exe
    632 C:\Windows\System32\lsm.exe
    724 C:\Windows\System32\svchost.exe
    804 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\svchost.exe
    388 C:\Windows\System32\svchost.exe
    108 C:\Windows\System32\svchost.exe
    1284 C:\Windows\System32\spoolsv.exe
    1312 C:\Windows\System32\svchost.exe
    1404 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1432 C:\Windows\System32\svchost.exe
    1460 C:\Windows\SysWOW64\svchost.exe
    1632 C:\Windows\System32\taskhost.exe
    1712 C:\Windows\System32\dwm.exe
    1720 C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    1964 C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
    1992 C:\Windows\explorer.exe
    1184 C:\Windows\System32\svchost.exe
    2212 C:\Windows\System32\TODDSrv.exe
    2288 C:\Windows\System32\igfxtray.exe
    2324 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    2356 C:\Windows\System32\hkcmd.exe
    2368 C:\Windows\System32\igfxpers.exe
    2636 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2804 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2840 C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    3032 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    2064 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    2084 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1480 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    340 C:\Windows\System32\alg.exe
    1884 C:\Windows\System32\svchost.exe
    3172 C:\Windows\System32\svchost.exe
    3368 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3580 C:\Windows\System32\SearchIndexer.exe
    3924 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3956 C:\Windows\System32\taskeng.exe
    3992 C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
    2060 C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    4072 C:\Windows\System32\svchost.exe
    4736 dllhost.exe
    5072 C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
    240 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    4440 C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
    4612 C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
    4580 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    1564 C:\Windows\System32\wuauclt.exe
    4980 C:\Windows\System32\SearchProtocolHost.exe
    1768 C:\Windows\System32\audiodg.exe
    1220 C:\Windows\System32\SearchFilterHost.exe
    3840 dllhost.exe
    764 dllhost.exe
    1092 C:\Users\Dana\Desktop\MBRCheck.exe
    3816 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS545050B9A300, Rev: PB4OC64G

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


    Done!
     
  6. 2011/02/09
    wrathall

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-09 11:24:38
    Windows 6.1.7600
    Running: ckf0vqrv.exe


    ---- Registry - GMER 1.0.15 ----


    ---- EOF - GMER 1.0.15 ----
     
  7. 2011/02/09
    wrathall

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Dana at 11:27:05.93 on 09/02/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3964.2682 [GMT -4:00]

    AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\TODDSrv.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\windows\System32\alg.exe
    C:\windows\system32\svchost.exe -k HPService
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\DllHost.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Users\Dana\Desktop\dds.scr
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.toshiba.ca/welcome
    uWindow Title = Presented by TOSHIBA Leading Innovation >>>
    uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
    mDefault_Page_URL = hxxp://www.toshiba.ca/welcome
    mStart Page = hxxp://www.toshiba.ca/welcome
    mWinlogon: Userinit=userinit.exe
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [(Default)]
    mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
    mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    mRun-x64: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\rs5l3j0b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.cbc.ca/ns/|http://www.sympatico.ca/
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1108000.005\symds64.sys [2010-9-24 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1108000.005\symefa64.sys [2010-9-24 221232]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-1-18 953904]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1108000.005\cchpx64.sys [2010-9-24 615040]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110208.003\IDSviA64.sys [2011-2-9 476792]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1108000.005\ironx64.sys [2010-9-24 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1108000.005\symtdiv.sys [2010-9-24 451120]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [2010-9-24 126392]
    R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe [2010-8-6 16680]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-8-6 132656]
    R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-4-30 9216]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
    R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-4-30 35008]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-3 136176]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-6 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-30 232992]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-30 51512]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-8 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================

    2011-02-09 12:48:30 -------- d-----w- C:\Users\Dana\AppData\Local\{51EBABA5-680D-4821-990E-670DAEC2A984}
    2011-02-08 20:30:42 -------- d-----w- C:\perflogs
    2011-02-08 20:19:54 -------- d-----w- C:\Users\Dana\AppData\Local\{A1B73B6F-3D5C-4D8C-ACC2-0F57407C9AD1}
    2011-02-08 01:01:48 -------- d-----w- C:\Users\Dana\AppData\Local\{D9C67204-BE65-441D-9A11-B72B40323B7A}
    2011-02-07 13:01:24 -------- d-----w- C:\Users\Dana\AppData\Local\{ACF7902A-F22F-4CA5-A886-6931F8355C25}
    2011-02-06 19:21:04 -------- d-----w- C:\Users\Dana\AppData\Local\{13EEDDD7-909B-41D3-B819-03BE0BD48235}
    2011-02-05 12:22:01 -------- d-----w- C:\Users\Dana\AppData\Local\{B2E07866-9D7E-45D4-BCC7-0D9DCE1F7ABE}
    2011-02-05 00:21:49 -------- d-----w- C:\Users\Dana\AppData\Local\{EF945E49-3F7C-4AB3-8E74-D83E5B8F3E98}
    2011-02-04 11:50:30 -------- d-----w- C:\Users\Dana\AppData\Local\{70194821-CCDF-453F-B7F5-79E33B644D9E}
    2011-02-03 20:06:43 -------- d-----w- C:\Users\Dana\AppData\Local\{52073581-3788-45B0-9884-251B3B93EC15}
    2011-02-02 18:58:14 -------- d-----w- C:\Users\Dana\AppData\Local\{539222D7-B437-462F-BE7A-1F537E8A0787}
    2011-02-01 15:08:25 -------- d-----w- C:\Users\Dana\AppData\Local\{D896CCB6-576B-451D-8F52-BE9E1FBD2551}
    2011-01-31 15:08:05 -------- d-----w- C:\Users\Dana\AppData\Local\{2EC0588C-6E62-43B0-8CEC-BB58B00FA1CC}
    2011-01-30 00:24:26 -------- d-----w- C:\Users\Dana\AppData\Local\{C45DDDBB-D9F3-4110-BAE7-9B316A9DAD5D}
    2011-01-29 04:08:31 -------- d-----w- C:\Users\Dana\AppData\Local\{6ACAD9A5-80DE-4E87-853F-E50D8D375D0C}
    2011-01-28 12:15:10 -------- d-----w- C:\Users\Dana\AppData\Local\{CA2071C4-EA05-4CDE-9705-A8E2DA795DA2}
    2011-01-27 20:04:03 -------- d-----w- C:\Users\Dana\AppData\Local\{52233E07-83A7-4E34-BA98-AA9A156655AA}
    2011-01-27 13:35:48 -------- d-----w- C:\Users\Dana\AppData\Local\{F45FD812-12F4-4546-9FD8-24192828DDDC}
    2011-01-27 11:40:37 -------- d-----w- C:\Users\Dana\AppData\Roaming\Malwarebytes
    2011-01-27 11:40:27 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-27 11:40:26 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-01-27 11:40:23 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
    2011-01-27 11:40:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-01-26 12:20:10 -------- d-----w- C:\Users\Dana\AppData\Local\{E44875D1-24D0-40D9-8AF9-29DEC917DED3}
    2011-01-24 16:23:01 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll
    2011-01-24 15:09:38 48648 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2011-01-24 14:07:11 -------- d-----w- C:\Users\Dana\AppData\Local\{C1191CFB-1DAD-4830-AEB4-82E6B2577786}
    2011-01-23 12:43:12 -------- d-----w- C:\Users\Dana\AppData\Local\{B6EEDFA5-AF3C-4228-AD4F-8C0C598BD58A}
    2011-01-22 14:49:19 -------- d-----w- C:\Users\Dana\AppData\Local\{973B2748-693A-440F-8D42-5D8B6AAFF3E3}
    2011-01-21 13:50:17 -------- d-----w- C:\Users\Dana\AppData\Local\{BDB135B7-D576-4227-A55B-C2B5ABA34E5E}
    2011-01-20 17:41:16 -------- d-----w- C:\Users\Dana\AppData\Local\{C2FAD3D7-FC4A-4951-B9BB-1528D6AF0B2C}
    2011-01-17 13:27:54 -------- d-----w- C:\Users\Dana\AppData\Local\{0DBF3334-640A-4EC4-9057-A0C962200154}
    2011-01-16 12:57:21 -------- d-----w- C:\Users\Dana\AppData\Local\{F2081396-3ABD-4135-AF8E-840965ECBA42}
    2011-01-15 15:24:13 -------- d-----w- C:\Users\Dana\AppData\Local\{717B771E-8FDC-438E-9D46-D813A3AB34C3}
    2011-01-14 11:56:17 -------- d-----w- C:\Users\Dana\AppData\Local\{F77F34CF-9302-43BE-9A01-0D73813254D2}
    2011-01-13 12:58:15 -------- d-----w- C:\Users\Dana\AppData\Local\{42582494-5774-438E-96EE-71F5A6E953EF}

    ==================== Find3M ====================


    ============= FINISH: 11:27:39.13 ===============
     
  8. 2011/02/09
    wrathall

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 07/08/2010 12:56:44 AM
    System Uptime: 09/02/2011 10:44:07 AM (1 hours ago)

    Motherboard: TOSHIBA | | Portable PC
    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 436 GiB total, 364.824 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP LaserJet P1505n
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet P1505n
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    ==== System Restore Points ===================

    RP34: 06/01/2011 7:40:57 PM - Windows Live Essentials
    RP35: 06/01/2011 7:41:45 PM - Windows Update
    RP36: 06/01/2011 7:42:16 PM - Windows Update
    RP37: 06/01/2011 7:43:16 PM - Installed DirectX
    RP38: 06/01/2011 7:43:42 PM - Installed DirectX
    RP39: 06/01/2011 7:44:37 PM - WLSetup
    RP40: 07/01/2011 12:21:26 PM - Windows Update
    RP41: 07/01/2011 1:29:05 PM - Windows Update
    RP42: 07/01/2011 4:49:46 PM - Installed BlackBerry Desktop Software.
    RP43: 07/01/2011 8:22:54 PM - Installed BlackBerry App World Browser Plugin
    RP44: 10/01/2011 8:11:53 AM - Windows Update
    RP45: 12/01/2011 8:03:19 AM - Windows Update
    RP46: 13/01/2011 8:58:07 AM - Windows Update
    RP47: 22/01/2011 10:04:25 AM - Windows Update
    RP48: 26/01/2011 8:25:48 AM - Removed Microsoft Silverlight

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    AIO_CDA_ProductContext
    AIO_CDA_Software
    AIO_Scan
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Atheros Driver Installation Program
    Bejeweled 2 Deluxe
    BlackBerry App World Browser Plugin
    BlackBerry Desktop Software 6.0.1
    BufferChm
    C3100
    c3100_Help
    Chuzzle Deluxe
    Compatibility Pack for the 2007 Office system
    Copy
    D3DX10
    Destinations
    DeviceDiscovery
    DocProc
    Escape Rosecliff Island
    FATE - The Traitor Soul
    Fax
    Google Update Helper
    GPBaseService2
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 21
    Jewel Quest 3
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Suite Activation Assistant
    Microsoft Office XP Professional with FrontPage
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MySQL Connector/ODBC 3.51
    Norton Internet Security
    Penguins!
    Polar Bowler
    Realtek USB 2.0 Card Reader
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Simply Accounting by Sage 2009
    SmartWebPrinting
    SolutionCenter
    Status
    Toolbox
    TOSHIBA Assist
    TOSHIBA Bulletin Board
    TOSHIBA ConfigFree
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TrayApp
    UnloadSupport
    Virtual Families
    Virtual Villagers - The Secret City
    WebReg
    WildTangent Games
    WildTangent ORB Game Console
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma's Revenge

    ==== Event Viewer Messages From Past Week ========

    09/02/2011 9:54:17 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.102, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    09/02/2011 11:24:57 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.101, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    09/02/2011 11:01:56 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    09/02/2011 10:37:36 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    09/02/2011 10:16:35 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.191.33, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    08/02/2011 7:47:16 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    08/02/2011 7:29:26 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.100 with the system having network hardware address FC-0F-E6-07-3C-37. Network operations on this system may be disrupted as a result.
    08/02/2011 6:58:39 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.103, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    08/02/2011 6:41:17 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.100, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    08/02/2011 5:59:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    08/02/2011 5:58:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
    07/02/2011 9:06:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.
    07/02/2011 8:13:18 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
    05/02/2011 1:58:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
    05/02/2011 1:13:42 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.100, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    03/02/2011 9:01:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    03/02/2011 4:06:04 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR17.
    02/02/2011 9:07:59 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR11.
    02/02/2011 4:31:38 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.104, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    02/02/2011 2:57:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

    ==== End Of File ===========================
     
  9. 2011/02/09
    wrathall

    Oops! I already had these done but forgot to post. Thanks!
     
  10. 2011/02/09
    broni

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  11. 2011/02/09
    wrathall

    Nope! When I click it tells me "Error Loading Driver NTSTATUS Code 0xC000036B."

    I also tried downloading the zip file instead but it tells me the same thing.

    Thanks
     
  12. 2011/02/09
    broni

    Ooops, my fault. It won't run on 64-bit.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  13. 2011/02/09
    wrathall

    wrathall Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    64
    Likes Received:
    0
    2011/02/09 16:33:21.0442 4652 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
    2011/02/09 16:33:23.0445 4652 ================================================================================
    2011/02/09 16:33:23.0445 4652 SystemInfo:
    2011/02/09 16:33:23.0445 4652
    2011/02/09 16:33:23.0446 4652 OS Version: 6.1.7600 ServicePack: 0.0
    2011/02/09 16:33:23.0446 4652 Product type: Workstation
    2011/02/09 16:33:23.0446 4652 ComputerName: DANA-PC
    2011/02/09 16:33:23.0446 4652 UserName: Dana
    2011/02/09 16:33:23.0446 4652 Windows directory: C:\windows
    2011/02/09 16:33:23.0446 4652 System windows directory: C:\windows
    2011/02/09 16:33:23.0446 4652 Running under WOW64
    2011/02/09 16:33:23.0446 4652 Processor architecture: Intel x64
    2011/02/09 16:33:23.0446 4652 Number of processors: 2
    2011/02/09 16:33:23.0446 4652 Page size: 0x1000
    2011/02/09 16:33:23.0446 4652 Boot type: Normal boot
    2011/02/09 16:33:23.0446 4652 ================================================================================
    2011/02/09 16:33:24.0040 4652 Initialize success
    2011/02/09 16:33:29.0267 5292 ================================================================================
    2011/02/09 16:33:29.0267 5292 Scan started
    2011/02/09 16:33:29.0267 5292 Mode: Manual;
    2011/02/09 16:33:29.0267 5292 ================================================================================
    2011/02/09 16:33:48.0698 5292 ================================================================================
    2011/02/09 16:33:48.0698 5292 Scan finished
    2011/02/09 16:33:48.0698 5292 ================================================================================


    No infected files found!

    Thanks so far.
     
  14. 2011/02/09
    broni Moderator Malware Analyst
    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no Internet connection after running Combofix, restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run, then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. 2011/02/10
    wrathall Inactive Thread Starter
    ComboFix 11-02-09.05 - Dana 10/02/2011 18:09:26.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3964.2712 [GMT -4:00]
    Running from: c:\users\Dana\Desktop\ComboFix.exe
    AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Install.exe

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
    .

    2011-02-10 22:13 . 2011-02-10 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-10 20:13 . 2011-02-10 20:13 -------- d-----w- c:\users\Dana\AppData\Local\Adobe
    2011-02-10 19:55 . 2011-02-10 19:55 -------- d-----w- c:\users\Dana\AppData\Local\{4BA51944-ECCD-42A3-BBEF-187BC2354CC3}
    2011-02-10 00:48 . 2011-02-10 00:49 -------- d-----w- c:\users\Dana\AppData\Local\{E66EF105-5781-4CFD-92DE-FB1C118522FE}
    2011-02-09 20:15 . 2011-02-09 20:17 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
    2011-02-09 12:48 . 2011-02-09 12:48 -------- d-----w- c:\users\Dana\AppData\Local\{51EBABA5-680D-4821-990E-670DAEC2A984}
    2011-02-09 12:32 . 2010-12-21 06:15 264192 ----a-w- c:\windows\system32\upnp.dll
    2011-02-08 20:30 . 2011-02-08 20:30 -------- d-----w- C:\perflogs
    2011-02-08 20:19 . 2011-02-08 20:20 -------- d-----w- c:\users\Dana\AppData\Local\{A1B73B6F-3D5C-4D8C-ACC2-0F57407C9AD1}
    2011-02-08 01:01 . 2011-02-08 01:02 -------- d-----w- c:\users\Dana\AppData\Local\{D9C67204-BE65-441D-9A11-B72B40323B7A}
    2011-02-07 13:01 . 2011-02-07 13:01 -------- d-----w- c:\users\Dana\AppData\Local\{ACF7902A-F22F-4CA5-A886-6931F8355C25}
    2011-02-06 19:21 . 2011-02-06 19:21 -------- d-----w- c:\users\Dana\AppData\Local\{13EEDDD7-909B-41D3-B819-03BE0BD48235}
    2011-02-05 12:22 . 2011-02-05 12:22 -------- d-----w- c:\users\Dana\AppData\Local\{B2E07866-9D7E-45D4-BCC7-0D9DCE1F7ABE}
    2011-02-05 00:21 . 2011-02-05 00:22 -------- d-----w- c:\users\Dana\AppData\Local\{EF945E49-3F7C-4AB3-8E74-D83E5B8F3E98}
    2011-02-04 11:50 . 2011-02-04 11:50 -------- d-----w- c:\users\Dana\AppData\Local\{70194821-CCDF-453F-B7F5-79E33B644D9E}
    2011-02-03 20:06 . 2011-02-03 20:06 -------- d-----w- c:\users\Dana\AppData\Local\{52073581-3788-45B0-9884-251B3B93EC15}
    2011-02-02 18:58 . 2011-02-02 18:58 -------- d-----w- c:\users\Dana\AppData\Local\{539222D7-B437-462F-BE7A-1F537E8A0787}
    2011-02-01 15:08 . 2011-02-01 15:08 -------- d-----w- c:\users\Dana\AppData\Local\{D896CCB6-576B-451D-8F52-BE9E1FBD2551}
    2011-01-31 15:08 . 2011-01-31 15:08 -------- d-----w- c:\users\Dana\AppData\Local\{2EC0588C-6E62-43B0-8CEC-BB58B00FA1CC}
    2011-01-30 00:24 . 2011-01-30 00:24 -------- d-----w- c:\users\Dana\AppData\Local\{C45DDDBB-D9F3-4110-BAE7-9B316A9DAD5D}
    2011-01-29 04:08 . 2011-01-29 04:08 -------- d-----w- c:\users\Dana\AppData\Local\{6ACAD9A5-80DE-4E87-853F-E50D8D375D0C}
    2011-01-28 12:15 . 2011-01-28 12:15 -------- d-----w- c:\users\Dana\AppData\Local\{CA2071C4-EA05-4CDE-9705-A8E2DA795DA2}
    2011-01-27 20:04 . 2011-01-27 20:04 -------- d-----w- c:\users\Dana\AppData\Local\{52233E07-83A7-4E34-BA98-AA9A156655AA}
    2011-01-27 13:35 . 2011-01-27 13:35 -------- d-----w- c:\users\Dana\AppData\Local\{F45FD812-12F4-4546-9FD8-24192828DDDC}
    2011-01-27 11:40 . 2011-01-27 11:40 -------- d-----w- c:\users\Dana\AppData\Roaming\Malwarebytes
    2011-01-27 11:40 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-27 11:40 . 2011-01-27 11:40 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-27 11:40 . 2011-01-27 11:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-01-27 11:40 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-26 12:20 . 2011-01-26 12:20 -------- d-----w- c:\users\Dana\AppData\Local\{E44875D1-24D0-40D9-8AF9-29DEC917DED3}
    2011-01-24 16:23 . 2011-01-24 16:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll
    2011-01-24 15:09 . 2011-01-24 15:09 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2011-01-24 14:07 . 2011-01-25 12:42 -------- d-----w- c:\users\Dana\AppData\Local\{C1191CFB-1DAD-4830-AEB4-82E6B2577786}
    2011-01-23 12:43 . 2011-01-23 12:43 -------- d-----w- c:\users\Dana\AppData\Local\{B6EEDFA5-AF3C-4228-AD4F-8C0C598BD58A}
    2011-01-22 14:49 . 2011-01-22 14:49 -------- d-----w- c:\users\Dana\AppData\Local\{973B2748-693A-440F-8D42-5D8B6AAFF3E3}
    2011-01-21 13:50 . 2011-01-21 13:50 -------- d-----w- c:\users\Dana\AppData\Local\{BDB135B7-D576-4227-A55B-C2B5ABA34E5E}
    2011-01-20 17:41 . 2011-01-20 17:41 -------- d-----w- c:\users\Dana\AppData\Local\{C2FAD3D7-FC4A-4951-B9BB-1528D6AF0B2C}
    2011-01-17 13:27 . 2011-01-17 13:28 -------- d-----w- c:\users\Dana\AppData\Local\{0DBF3334-640A-4EC4-9057-A0C962200154}
    2011-01-16 12:57 . 2011-01-19 12:56 -------- d-----w- c:\users\Dana\AppData\Local\{F2081396-3ABD-4135-AF8E-840965ECBA42}
    2011-01-15 15:24 . 2011-01-15 15:26 -------- d-----w- c:\users\Dana\AppData\Local\{717B771E-8FDC-438E-9D46-D813A3AB34C3}
    2011-01-14 11:56 . 2011-01-14 23:56 -------- d-----w- c:\users\Dana\AppData\Local\{F77F34CF-9302-43BE-9A01-0D73813254D2}
    2011-01-13 12:58 . 2011-01-13 12:58 -------- d-----w- c:\users\Dana\AppData\Local\{42582494-5774-438E-96EE-71F5A6E953EF}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-08 20:20 . 2010-11-29 14:46 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-12-10 23:47 . 2010-12-10 23:47 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-11-29 14:47 . 2010-11-29 14:47 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-11-29 14:46 . 2010-11-29 14:46 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-02-10_20.37.20 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2010-08-07 04:00 . 2011-02-10 20:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-08-07 04:00 . 2011-02-10 22:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-08-07 04:00 . 2011-02-10 22:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-08-07 04:00 . 2011-02-10 20:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-08-07 04:00 . 2011-02-10 20:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-08-07 04:00 . 2011-02-10 22:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-08-07 04:00 . 2011-02-10 20:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-08-07 04:00 . 2011-02-10 22:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-08-07 04:00 . 2011-02-10 20:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-08-07 04:00 . 2011-02-10 22:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-10 22:14 . 2011-02-10 22:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-02-10 20:36 . 2011-02-10 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-02-10 20:36 . 2011-02-10 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-02-10 22:14 . 2011-02-10 22:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-08-06 18:15 . 2011-02-10 21:59 430206 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 02:36 . 2011-02-10 22:01 628460 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-02-10 20:12 628460 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-02-10 22:01 110612 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-02-10 20:12 110612 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2011-02-10 20:35 306416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-02-10 22:13 306416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 02:34 . 2011-02-10 20:49 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2009-07-14 02:34 . 2011-02-10 12:11 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Normandy;Normandy SR2; [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-08 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [2009-08-30 433200]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [2010-04-22 221232]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2010-11-23 953904]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [2010-02-26 615040]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110209.001\IDSvia64.sys [2010-11-23 476792]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [2010-04-29 150064]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [2010-05-06 451120]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
    S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-03 136176]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
    S2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [2008-09-19 16680]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-06 132656]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-05 75816]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-03 13:59]

    2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-03 13:59]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.toshiba.ca/welcome
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.toshiba.ca/welcome
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\rs5l3j0b.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.cbc.ca/ns/|http://www.sympatico.ca/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-(Default) - (no file)
    HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-10 18:18:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-10 22:18

    Pre-Run: 391,672,807,424 bytes free
    Post-Run: 391,607,427,072 bytes free

    - - End Of File - - 5199AEB1948C8F6124FCCF95F4F103CE


    ComboFix as requested! I had to run it twice; my computer timed out and shut down.
     
  16. 2011/02/10
    broni Moderator Malware Analyst
    Not much there...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
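For anyone reading the logs that follow, the script below is an added example (mine, not code posted in this thread and not part of OldTimer's OTL) showing how to parse OTL's bracketed line format and pull out the two things an analyst looks at first: a driver or service whose company field is empty, and a recently created or modified executable-type file under C:\Windows with no company name. The sample input is constructed in OTL's format; the two Normandy.sys lines, the PEV.exe line and the ERDNT line are copied from the log posted later in the thread, and old.dll is hypothetical. The scan date is taken from the log header.

```python
r"""Triage helper for OTL (OldTimer's tool) log lines.

Added example for this thread; not part of OTL and not posted by anyone in it.
It parses the bracketed line format OTL writes, for example

  DRV - [2011/02/09 16:17:34 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysWow64\drivers\Normandy.sys -- (Normandy)
  [2011/02/09 16:15:45 | 000,034,560 | ---- | C] () -- C:\windows\SysWow64\drivers\Normandy.sys

and applies two first-pass rules:
  1. a driver (DRV) or service (SRV) whose company field is empty;
  2. an executable-type file under \Windows\ with an empty company field whose
     timestamp falls within `recent_days` of the scan.
"""
import re
from datetime import datetime, timedelta

# One pattern covers PRC/MOD/SRV/DRV entries and the bare file lines in the
# "Files/Folders - Created/Modified" sections. Company and service name are
# optional because directory lines carry neither.
OTL_LINE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)?\s+-\s+)?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<stamp>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".drv", ".cpl")


def parse_line(line):
    """Return a dict for one OTL entry line, or None for headers and blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["when"] = datetime.strptime(e["date"] + " " + e["time"], "%Y/%m/%d %H:%M:%S")
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = e["company"] or ""      # "()" and no parentheses both mean "none"
    e["is_dir"] = "D" in e["attrs"]
    return e


def triage(lines, scan_date, recent_days=30):
    """Yield (reason, path) tuples for entries worth a second look."""
    cutoff = scan_date - timedelta(days=recent_days)
    for line in lines:
        e = parse_line(line)
        if e is None or e["is_dir"] or e["company"]:
            continue                       # only entries with no vendor string are leads here
        low = e["path"].lower()
        if e["kind"] in ("DRV", "SRV"):
            yield ("%s with no company name" % e["kind"], e["path"])
        elif "\\windows\\" in low and low.endswith(EXEC_EXT) and e["when"] >= cutoff:
            verb = "created" if e["stamp"] == "C" else "modified"
            yield ("file %s on %s under \\Windows\\, no company name" % (verb, e["date"]), e["path"])


SCAN_DATE = datetime(2011, 2, 11, 8, 5, 8)   # from the "OTL logfile created on" header

# Constructed sample input in OTL's line format. Normandy.sys, PEV.exe and ERDNT
# are copied from the log in this thread; old.dll is hypothetical.
SAMPLE_LINES = [
    r"PRC - [2011/02/11 08:04:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Dana\Desktop\OTL.exe",
    r"DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)",
    r"DRV - [2011/02/09 16:17:34 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysWow64\drivers\Normandy.sys -- (Normandy)",
    r"========== Files/Folders - Created Within 30 Days ==========",
    r"[2011/02/10 16:16:16 | 000,000,000 | ---D | C] -- C:\windows\ERDNT",
    r"[2011/02/10 16:16:26 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe",
    r"[2011/02/09 16:15:45 | 000,034,560 | ---- | C] () -- C:\windows\SysWow64\drivers\Normandy.sys",
    r"[2011/02/11 08:07:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job",
    r"[2009/07/14 01:00:00 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\old.dll",
]


def run_sample():
    """Run the triage rules over the constructed sample and return the hits."""
    return list(triage(SAMPLE_LINES, SCAN_DATE))


if __name__ == "__main__":
    for reason, path in run_sample():
        print("%-60s %s" % (reason, path))
```

Run it as a script to print the hits, or pass `open("OTL.txt").read().splitlines()` to `triage()` for a whole log. Hits are leads, not verdicts: the same rule fires on the helper binaries a cleaning tool such as ComboFix drops into C:\windows (the log in this thread shows several created within two minutes of C:\Qoobox and C:\windows\ERDNT) and on OTL's own Ntfs entry, which it lists via ntfs.mof with an empty company field. Confirm a hit with the file's digital signature and a hash lookup before acting on it.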
     
  17. 2011/02/11
    wrathall

    wrathall Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    64
    Likes Received:
    0
    OTL logfile created on: 2/11/2011 8:05:08 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Dana\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 435.61 Gb Total Space | 364.56 Gb Free Space | 83.69% Space Free | Partition Type: NTFS

    Computer Name: DANA-PC | User Name: Dana | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/11 08:04:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Dana\Desktop\OTL.exe
    PRC - [2011/01/10 11:33:13 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2011/01/10 11:33:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    PRC - [2010/02/22 16:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
    PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
    PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2008/09/19 00:00:00 | 000,016,680 | ---- | M] (Sage Software) -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/11 08:04:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Dana\Desktop\OTL.exe
    MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
    SRV - [2010/01/28 19:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
    SRV - [2009/12/03 22:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/09/19 00:00:00 | 000,016,680 | ---- | M] (Sage Software) [Auto | Running] -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/06 12:00:46 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/06/16 13:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2010/05/06 00:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symtdiv.sys -- (SYMTDIv)
    DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2010/04/21 23:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/03/04 20:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/02/25 20:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.sys -- (ccHP)
    DRV:64bit: - [2010/02/20 12:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2010/02/01 13:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/01/18 20:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/08/29 20:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.sys -- (SymDS)
    DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV - [2011/02/09 16:17:34 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysWow64\drivers\Normandy.sys -- (Normandy)
    DRV - [2011/01/06 16:09:28 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110210.020\EX64.SYS -- (NAVEX15)
    DRV - [2011/01/06 16:09:28 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110210.020\ENG64.SYS -- (NAVENG)
    DRV - [2010/11/22 23:47:46 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110210.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2010/11/22 22:20:07 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110114.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2010/08/06 12:02:32 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010/08/06 12:02:32 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.cbc.ca/ns/|http://www.sympatico.ca/ "
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/08/08 13:01:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/08/06 12:00:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/26 21:13:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/10 11:33:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/10 11:33:16 | 000,000,000 | ---D | M]

    [2010/08/06 12:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dana\AppData\Roaming\Mozilla\Extensions
    [2010/11/02 18:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\rs5l3j0b.default\extensions
    [2011/01/26 18:56:09 | 000,001,780 | ---- | M] () -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\rs5l3j0b.default\searchplugins\chordie.xml
    [2010/09/02 12:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/09/02 12:03:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/08/26 21:13:34 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    [2010/08/08 13:01:23 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
    [2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/11 08:03:38 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Dana\Desktop\OTL.exe
    [2011/02/11 07:59:24 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{132562F8-FA33-4504-9464-C7E1BD85B11A}
    [2011/02/10 20:20:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/02/10 18:07:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
    [2011/02/10 16:16:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2011/02/10 16:16:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2011/02/10 16:16:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2011/02/10 16:16:16 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2011/02/10 16:14:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/10 15:55:29 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{4BA51944-ECCD-42A3-BBEF-187BC2354CC3}
    [2011/02/09 20:48:54 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{E66EF105-5781-4CFD-92DE-FB1C118522FE}
    [2011/02/09 08:48:30 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{51EBABA5-680D-4821-990E-670DAEC2A984}
    [2011/02/08 16:30:42 | 000,000,000 | ---D | C] -- C:\perflogs
    [2011/02/08 16:19:54 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{A1B73B6F-3D5C-4D8C-ACC2-0F57407C9AD1}
    [2011/02/07 21:01:48 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{D9C67204-BE65-441D-9A11-B72B40323B7A}
    [2011/02/07 09:01:24 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{ACF7902A-F22F-4CA5-A886-6931F8355C25}
    [2011/02/06 15:21:04 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{13EEDDD7-909B-41D3-B819-03BE0BD48235}
    [2011/02/05 08:22:01 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{B2E07866-9D7E-45D4-BCC7-0D9DCE1F7ABE}
    [2011/02/04 20:21:49 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{EF945E49-3F7C-4AB3-8E74-D83E5B8F3E98}
    [2011/02/04 07:50:30 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{70194821-CCDF-453F-B7F5-79E33B644D9E}
    [2011/02/03 16:06:43 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{52073581-3788-45B0-9884-251B3B93EC15}
    [2011/02/02 14:58:14 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{539222D7-B437-462F-BE7A-1F537E8A0787}
    [2011/02/01 11:08:25 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{D896CCB6-576B-451D-8F52-BE9E1FBD2551}
    [2011/01/31 11:08:05 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{2EC0588C-6E62-43B0-8CEC-BB58B00FA1CC}
    [2011/01/29 20:24:26 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{C45DDDBB-D9F3-4110-BAE7-9B316A9DAD5D}
    [2011/01/29 00:08:31 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{6ACAD9A5-80DE-4E87-853F-E50D8D375D0C}
    [2011/01/28 08:15:10 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{CA2071C4-EA05-4CDE-9705-A8E2DA795DA2}
    [2011/01/27 16:04:03 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{52233E07-83A7-4E34-BA98-AA9A156655AA}
    [2011/01/27 09:35:48 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{F45FD812-12F4-4546-9FD8-24192828DDDC}
    [2011/01/27 07:40:37 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Roaming\Malwarebytes
    [2011/01/27 07:40:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/01/27 07:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/27 07:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/27 07:40:23 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2011/01/27 07:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/01/27 07:33:35 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Dana\Desktop\TFC.exe
    [2011/01/26 11:00:00 | 000,000,000 | R--D | C] -- C:\Users\Dana\Desktop\Cleaning - CFB Greenwood
    [2011/01/26 10:14:35 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\Painting - CFB Greenwood
    [2011/01/26 08:20:10 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{E44875D1-24D0-40D9-8AF9-29DEC917DED3}
    [2011/01/24 10:07:11 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{C1191CFB-1DAD-4830-AEB4-82E6B2577786}
    [2011/01/23 08:43:12 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{B6EEDFA5-AF3C-4228-AD4F-8C0C598BD58A}
    [2011/01/22 10:49:19 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{973B2748-693A-440F-8D42-5D8B6AAFF3E3}
    [2011/01/21 09:50:17 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{BDB135B7-D576-4227-A55B-C2B5ABA34E5E}
    [2011/01/20 13:41:16 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{C2FAD3D7-FC4A-4951-B9BB-1528D6AF0B2C}
    [2011/01/17 09:27:54 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{0DBF3334-640A-4EC4-9057-A0C962200154}
    [2011/01/16 08:57:21 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{F2081396-3ABD-4135-AF8E-840965ECBA42}
    [2011/01/15 11:24:13 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{717B771E-8FDC-438E-9D46-D813A3AB34C3}
    [2011/01/14 07:56:17 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{F77F34CF-9302-43BE-9A01-0D73813254D2}
    [2011/01/13 08:58:15 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{42582494-5774-438E-96EE-71F5A6E953EF}

    ========== Files - Modified Within 30 Days ==========

    [2011/02/11 08:07:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/11 08:04:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Dana\Desktop\OTL.exe
    [2011/02/11 07:57:38 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/11 07:57:38 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/11 07:48:37 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2011/02/11 07:48:37 | 000,628,460 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2011/02/11 07:48:37 | 000,110,612 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2011/02/11 07:42:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/02/10 18:14:44 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/10 18:14:28 | 3117,391,872 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/10 16:12:54 | 004,266,254 | R--- | M] () -- C:\Users\Dana\Desktop\ComboFix.exe
    [2011/02/10 07:56:24 | 000,341,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2011/02/09 20:21:59 | 000,001,649 | ---- | M] () -- C:\Users\Dana\Documents\Invitation.msrcIncident
    [2011/02/09 16:17:34 | 000,034,560 | ---- | M] () -- C:\windows\SysWow64\drivers\Normandy.sys
    [2011/02/09 09:53:11 | 000,009,728 | ---- | M] () -- C:\Users\Dana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/08 16:31:27 | 000,000,017 | ---- | M] () -- C:\Users\Dana\AppData\Local\resmon.resmoncfg
    [2011/02/07 10:28:16 | 000,024,576 | ---- | M] () -- C:\Users\Dana\Documents\Mega Enterprises - Properties February 4 2010.xls
    [2011/02/02 04:48:06 | 000,025,088 | ---- | M] () -- C:\Users\Dana\Documents\Mega Enterprises - Properties.xls
    [2011/02/01 20:05:50 | 000,002,472 | ---- | M] () -- C:\Users\Dana\Desktop\Ringtones Funny Sounds - Woman Moaning - Shortcut.lnk
    [2011/01/27 07:33:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dana\Desktop\TFC.exe
    [2011/01/19 10:14:42 | 000,023,040 | ---- | M] () -- C:\Users\Dana\Documents\Pine Grove Business Plan.xls

    ========== Files Created - No Company Name ==========

    [2011/02/10 16:16:26 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
    [2011/02/10 16:16:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2011/02/10 16:16:26 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
    [2011/02/10 16:16:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2011/02/10 16:16:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2011/02/10 16:12:03 | 004,266,254 | R--- | C] () -- C:\Users\Dana\Desktop\ComboFix.exe
    [2011/02/09 20:16:44 | 000,001,649 | ---- | C] () -- C:\Users\Dana\Documents\Invitation.msrcIncident
    [2011/02/09 16:15:45 | 000,034,560 | ---- | C] () -- C:\windows\SysWow64\drivers\Normandy.sys
    [2011/02/08 16:31:27 | 000,000,017 | ---- | C] () -- C:\Users\Dana\AppData\Local\resmon.resmoncfg
    [2011/02/07 10:21:28 | 000,024,576 | ---- | C] () -- C:\Users\Dana\Documents\Mega Enterprises - Properties February 4 2010.xls
    [2011/02/01 20:05:50 | 000,002,472 | ---- | C] () -- C:\Users\Dana\Desktop\Ringtones Funny Sounds - Woman Moaning - Shortcut.lnk
    [2011/01/19 10:14:42 | 000,023,040 | ---- | C] () -- C:\Users\Dana\Documents\Pine Grove Business Plan.xls
    [2011/01/07 16:51:54 | 000,000,308 | ---- | C] () -- C:\Users\Dana\AppData\Roaming\Rim.Desktop.Exception.log
    [2011/01/07 16:51:10 | 000,001,153 | ---- | C] () -- C:\Users\Dana\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    [2010/09/01 15:32:44 | 000,009,728 | ---- | C] () -- C:\Users\Dana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/26 20:29:02 | 000,001,475 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/08/06 13:20:06 | 000,000,572 | ---- | C] () -- C:\windows\ODBCINST.INI
    [2010/08/06 13:18:44 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\Implode.dll
    [2010/08/06 12:27:11 | 000,000,940 | ---- | C] () -- C:\windows\ODBC.INI
    [2010/04/30 18:38:26 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
    [2010/02/20 11:27:36 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
    [2010/02/20 11:27:36 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2011/01/07 17:12:38 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\Blackberry Desktop
    [2011/01/07 16:52:03 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\Research In Motion
    [2010/11/15 20:56:35 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\SmartDraw
    [2010/10/15 14:53:42 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\TeamViewer
    [2011/01/06 12:41:03 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\Tific
    [2010/08/07 14:04:00 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\Toshiba
    [2011/01/06 21:59:18 | 000,000,000 | ---D | M] -- C:\Users\Dana\AppData\Roaming\Windows Live Writer
    [2010/10/20 18:53:55 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(81).TXT
    [2010/10/20 18:53:55 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/03/23 02:42:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/02/10 18:19:00 | 000,021,692 | ---- | M] () -- C:\ComboFix.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/02/10 18:14:28 | 3117,391,872 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/02/10 18:14:32 | 4156,522,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/02/09 16:34:25 | 000,068,442 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_09.02.2011_16.33.21_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/08/06 11:53:25 | 000,000,221 | -HS- | M] () -- C:\Users\Dana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/23 11:18:45 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Dana\Desktop\ATF-Cleaner.exe
    [2011/02/10 16:12:54 | 004,266,254 | R--- | M] () -- C:\Users\Dana\Desktop\ComboFix.exe
    [2011/02/11 08:04:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Dana\Desktop\OTL.exe
    [2011/01/27 07:33:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dana\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/08 11:40:38 | 000,000,402 | -HS- | M] () -- C:\Users\Dana\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/08/26 21:14:42 | 000,001,475 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
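The two file sections above (Files Created and Files Modified within 30 days) are where a helper looks first for dropped binaries, and reading them by eye is slow. The following added example, written for this page and not part of the thread, of OTL or of any tool it mentions, parses lines in OTL's format and lists the entries worth opening first: recently created or modified executables and drivers in system directories with no company name, recently created drivers, and hidden executables under a user profile. The sample lines are constructed with hypothetical file names, the 30-day window mirrors OTL's own "File Age = 30 Days" setting, and the scan time is assumed to be the log's creation time from its header. A hit is a prompt to look, not a verdict: the cleanup tools the thread has the user run also drop unsigned helper executables (ComboFix's sed.exe, grep.exe, zip.exe, MBR.exe and PEV.exe in C:\windows) that a filter like this will surface.

```python
"""Triage helper for OTL "Files Created" / "Files Modified" entries.

Added example for this page: parses file lines in OTL's format and flags the
entries an analyst would look at first. It is not OTL code.
"""
import re
from datetime import datetime, timedelta

# One OTL file line looks like:
#   [2011/02/09 16:15:45 | 000,034,560 | ---- | C] () -- C:\path\file.sys
# Directory entries omit the "(company)" group and carry a D in the attributes.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<action>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

SYSTEM_DIRS = ("\\windows\\", "\\programdata\\", "\\program files")
EXEC_EXTS = (".sys", ".exe", ".dll", ".scr", ".cpl")


def parse_entry(line):
    """Return a dict for one OTL file line, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
    d["size"] = int(d["size"].replace(",", ""))   # "000,034,560" -> 34560
    d["is_dir"] = "D" in d["attrs"]
    d["company"] = d["company"] or ""              # "()" means no company name
    return d


def reasons(entry, now, days=30):
    """List the triage reasons that apply to one parsed entry (empty if none)."""
    out = []
    if entry["is_dir"]:
        return out
    p = entry["path"].lower()
    recent = now - entry["ts"] <= timedelta(days=days)
    in_system = any(s in p for s in SYSTEM_DIRS)
    executable = p.endswith(EXEC_EXTS)
    if recent and executable and in_system and not entry["company"]:
        out.append("recent executable in system dir, no company name")
    if "\\drivers\\" in p and entry["action"] == "C" and recent:
        out.append("recently created driver")
    if "\\users\\" in p and "H" in entry["attrs"] and executable:
        out.append("hidden executable under a user profile")
    return out


def triage(lines, now, days=30):
    """Return {path: [reasons]} for every line that earns at least one reason."""
    hits = {}
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        r = reasons(e, now, days)
        if r:
            hits[e["path"]] = r
    return hits


# Constructed sample in OTL's format; the file names are hypothetical.
SAMPLE = r"""
[2011/02/09 16:15:45 | 000,034,560 | ---- | C] () -- C:\windows\SysWow64\drivers\example.sys
[2011/02/10 09:12:00 | 000,051,200 | -H-- | C] () -- C:\Users\Dana\AppData\Local\svch0st.exe
[2011/02/11 08:04:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Dana\Desktop\OTL.exe
[2011/01/13 08:58:15 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\{42582494-5774-438E-96EE-71F5A6E953EF}
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2011/02/08 16:31:27 | 000,000,017 | ---- | C] () -- C:\Users\Dana\AppData\Local\resmon.resmoncfg
""".strip().splitlines()

# Assumed scan time: the creation time printed in the log header above.
SCAN_TIME = datetime(2011, 2, 11, 8, 5, 8)

if __name__ == "__main__":
    for path, why in triage(SAMPLE, SCAN_TIME).items():
        print(path, "->", "; ".join(why))
```

To use it on a real log, pass `open("OTL.Txt", encoding="utf-8", errors="replace").read().splitlines()` as the lines; non-matching lines (section headers, registry entries) are skipped, so the whole file can go in.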
  18. 2011/02/11
    wrathall Inactive Thread Starter
    OTL Extras logfile created on: 2/11/2011 8:05:08 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Dana\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 435.61 Gb Total Space | 364.56 Gb Free Space | 83.69% Space Free | Partition Type: NTFS

    Computer Name: DANA-PC | User Name: Dana | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{142E0726-73B2-4CD5-95BE-8B018801886C}" = Simply Accounting by Sage 2009
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
    "{37C11957-8228-4119-888D-3EA6B742BD9C}" = Simply Accounting by Sage 2009
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{598420E8-E9F9-4FAE-9B6C-599FDF2F611A}" = BlackBerry App World Browser Plugin
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C54856BC-3549-4ADE-AD4B-BC48C336DF5A}" = Simply Accounting by Sage 2009
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "NIS" = Norton Internet Security
    "TOSHIBA Game Console" = WildTangent ORB Game Console
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WT083877" = Chuzzle Deluxe
    "WT083885" = Zuma's Revenge
    "WT083898" = Virtual Villagers - The Secret City
    "WT083903" = Escape Rosecliff Island
    "WT083929" = Bejeweled 2 Deluxe
    "WT083957" = Jewel Quest 3
    "WT083958" = Penguins!
    "WT083959" = Polar Bowler
    "WT083969" = Virtual Families
    "WT084018" = FATE - The Traitor Soul

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
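Two parts of the Extras log above are routine tampering targets, which is why OTL prints them: the shell-spawning commands, where a rogue that rewrites exefile\shell\open\command gets itself launched ahead of every .exe, and the Security Center and firewall values, where a non-zero *Override or *DisableNotify value, or EnableFirewall = 0, silences or disables protection. The following is an added example for this page, not part of the thread or of OTL, that reads a log in OTL's Extras format and reports every deviation from the Windows 7 defaults it knows. The expected values are those defaults; the sample input is constructed and the hijack path in it is hypothetical. The "File not found" that OTL appends to "%1" %* in the 64-bit view (visible in the log above) is an annotation, not a deviation, so the checker strips it before comparing, and it only judges classes for which it has a default, so entries such as helpfile or regfile reading "Reg Error" are left to the analyst.

```python
"""Checker for the Shell Spawning and Security Center / Firewall sections of an
OTL Extras log. Added example for this page; expected values are Windows 7
defaults. Not OTL code."""
import re

# Known-good commands for the file classes malware most often hijacks.
# exefile is the classic target: a rogue rewrites it to run itself before every .exe.
EXPECTED_SHELL = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("Directory", "cmd"): 'cmd.exe /s /k pushd "%V"',
}

# Registry values whose non-default state weakens protection: name -> expected.
EXPECTED_VALUES = {
    "AntiVirusOverride": "0", "AntiSpywareOverride": "0", "FirewallOverride": "0",
    "AntiVirusDisableNotify": "0", "FirewallDisableNotify": "0",
    "UpdatesDisableNotify": "0", "EnableFirewall": "1",
    "DisableNotifications": "0", "DisableSR": "0",
}

SHELL_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$")
# OTL appends "(Company)", "File not found" or "Reg Error: ..." after a command.
ANNOT_RE = re.compile(r"\s*(\([^)]*\)|File not found|Reg Error:.*)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<val>.+)$')


def clean_command(cmd):
    """Strip OTL's trailing annotation so only the registry command remains."""
    return ANNOT_RE.sub("", cmd).strip()


def check_extras(lines):
    """Return a list of (section, item, observed, expected) for every deviation."""
    findings = []
    key = ""  # most recent [HKEY_...] header, kept so a finding names its key
    for raw in lines:
        line = raw.strip()
        if line.startswith("[HKEY_") or line.startswith("64bit: [HKEY_"):
            key = line
            continue
        m = SHELL_RE.match(line)
        if m:
            want = EXPECTED_SHELL.get((m["cls"], m["verb"]))
            got = clean_command(m["cmd"])
            if want is not None and got != want:
                findings.append(("shell", f"{m['cls']} [{m['verb']}]", got, want))
            continue
        m = VALUE_RE.match(line)
        if m and m["name"] in EXPECTED_VALUES:
            want = EXPECTED_VALUES[m["name"]]
            if m["val"].strip() != want:
                findings.append(("registry", f"{key} {m['name']}", m["val"], want))
    return findings


# Constructed sample in OTL's Extras format; the exefile hijack path is hypothetical.
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
exefile [open] -- "C:\Users\Dana\AppData\Local\hypothetical.exe" "%1" %* ()
scrfile [open] -- "%1" /S File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
""".strip().splitlines()

if __name__ == "__main__":
    for section, item, got, want in check_extras(SAMPLE_EXTRAS):
        print(f"[{section}] {item}: observed {got!r}, expected {want!r}")
```

To run it against a real log, pass `open("Extras.Txt", encoding="utf-8", errors="replace").read().splitlines()` to check_extras; the 64-bit and 32-bit views OTL prints are checked alike, since a hijack in either one is effective for the matching bitness of executable.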
  19. 2011/02/11
    broni Moderator Malware Analyst
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
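The two O28 lines in the OTL fix above are ShellExecuteHooks entries whose CLSID no longer resolves to a registered COM class ("Reg Error: Key error. File not found"). ShellExecuteHooks are loaded into Explorer and invoked on every ShellExecute call, which is why malware likes to register one and why an orphaned entry is worth removing. The script below is an added example, not part of the original thread or of OTL; it reproduces the check OTL performs for that line, read-only, in both the 64-bit and the WOW6432Node registry views, and additionally runs Get-AuthenticodeSignature on any DLL that does resolve so an unsigned hook stands out. The hook key paths and the CLSID\InprocServer32 lookup are standard Windows locations; the output format is this example's own.

```powershell
# Added example (not from the original thread): audit ShellExecuteHooks the way
# OTL's O28 line does. Run from an elevated PowerShell. Read-only: it reports,
# it does not delete anything. Removal is a separate, deliberate step.

$hookKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',             # 64-bit view (OTL "O28:64bit")
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'  # 32-bit view (OTL "O28")
)

function Resolve-ShellHookClsid {
    param([Parameter(Mandatory)][string]$Clsid)
    # A valid hook CLSID resolves to a COM class with an InprocServer32 DLL that exists on disk.
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $server = Join-Path $root "$Clsid\InprocServer32"
        if (-not (Test-Path -Path $server)) { continue }
        $dll = (Get-ItemProperty -Path $server).'(default)'
        if ([string]::IsNullOrWhiteSpace($dll)) {
            return [pscustomobject]@{ Key = $server; Dll = ''; Exists = $false }
        }
        $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
        return [pscustomobject]@{ Key = $server; Dll = $dll; Exists = (Test-Path -LiteralPath $dll) }
    }
    return $null   # no CLSID registration at all: the case OTL flagged as "Key error. File not found"
}

foreach ($key in $hookKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    # Value names under ShellExecuteHooks are the CLSIDs themselves, e.g. {AEB6717E-...}
    foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -like '{*}' })) {
        $res = Resolve-ShellHookClsid -Clsid $name
        if ($null -eq $res) {
            "ORPHAN   $key\$name  (no CLSID registration; candidate for removal)"
        } elseif (-not $res.Exists) {
            "MISSING  $key\$name  -> '$($res.Dll)' (InprocServer32 file not found)"
        } else {
            $sig = Get-AuthenticodeSignature -FilePath $res.Dll
            "OK       $key\$name  -> $($res.Dll) [signature: $($sig.Status)]"
        }
    }
}
```

Run it before and after an OTL fix: before, the two entries from the fix script should appear as ORPHAN; after, the hook keys should be empty or contain only entries whose DLL exists and is validly signed. On a stock Windows install the single expected hook is Microsoft's URL Exec Hook in shell32.dll, so anything else, or anything unsigned, deserves a second look.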
     
  21. 2011/02/14
    wrathall

    wrathall Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    64
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dana
    ->Temp folder emptied: 324280 bytes
    ->Temporary Internet Files folder emptied: 2960814 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 44292913 bytes
    ->Flash cache emptied: 12345 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 96456 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 46.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Dana
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Owner

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02142011_211130

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Dana\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
