
Solved Google search redirects to Monstermarketplace and other sites

Discussion in 'Malware and Virus Removal Archive' started by Alkus, 2011/05/15.

  1. 2011/05/15
    Alkus (Thread Starter)

    [Resolved] Google search redirects to Monstermarketplace and other sites

    I believe my computer is infected with some sort of a virus. Whenever I click on links in Google search I get redirected to different ad sites, mostly Monstermarketplace.com. This does not happen every time, but happens quite often. Also lots of images in Google image search do not show up - they look like grey squares. I ran Malwarebytes, Spybot and some sort of Microsoft scan and they did find some viruses that I deleted, but the problem still persists. Nothing shows up on any scans anymore. I got HijackThis installed but I'm not sure how to use it. I would really appreciate it if someone could help me with this. Thank you very much in advance!


    Malwarebytes:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6579

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    5/15/2011 11:28:46 PM
    mbam-log-2011-05-15 (23-28-46).txt

    Scan type: Quick scan
    Objects scanned: 157441
    Time elapsed: 3 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER:

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-15 23:23:00
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO
    Running: r0l2wv7s.exe; Driver: C:\Users\Alena\AppData\Local\Temp\kgtorpob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DAD7BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DAD79D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DAD7B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82A48569 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A6D092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    PAGE ntkrnlpa.exe!ZwLoadDriver 82BA628F 7 Bytes JMP 8DAD7B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C0E2CC 5 Bytes JMP 8DAD35D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject + 27 82C28003 5 Bytes JMP 8DAD5012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 82C361B3 7 Bytes JMP 8DAD79D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 82CE02EC 7 Bytes JMP 8DAD7BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88B29000, 0x3C849, 0xE8000020]
    .dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88B6E000, 0x3DC, 0x48000040]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1404] kernel32.dll!SetUnhandledExceptionFilter 76363162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----


    MBRCheck:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: TOSHIBA
    BIOS Manufacturer: TOSHIBA
    System Manufacturer: TOSHIBA
    System Product Name: Satellite L455
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 188):
    0x82A05000 \SystemRoot\system32\ntkrnlpa.exe
    0x82E15000 \SystemRoot\system32\halmacpi.dll
    0x80BAB000 \SystemRoot\system32\kdcom.dll
    0x83426000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8349E000 \SystemRoot\system32\PSHED.dll
    0x834AF000 \SystemRoot\system32\BOOTVID.dll
    0x834B7000 \SystemRoot\system32\CLFS.SYS
    0x834F9000 \SystemRoot\system32\CI.dll
    0x83611000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x83682000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x83690000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x836D8000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x836E1000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x836E9000 \SystemRoot\system32\DRIVERS\pci.sys
    0x83713000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8371E000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
    0x8372B000 \SystemRoot\System32\drivers\partmgr.sys
    0x8373C000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x83744000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8374F000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8375F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x837AA000 \SystemRoot\System32\drivers\mountmgr.sys
    0x837C0000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x837C7000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8860F000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x886E9000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x886F2000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x88715000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x8871F000 \SystemRoot\system32\drivers\amdxata.sys
    0x88728000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8875C000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8883B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8896A000 \SystemRoot\System32\Drivers\msrpc.sys
    0x88995000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8876D000 \SystemRoot\System32\Drivers\cng.sys
    0x889A8000 \SystemRoot\System32\drivers\pcw.sys
    0x889B6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x88A0E000 \SystemRoot\system32\drivers\ndis.sys
    0x88AC5000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88B03000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x88C0E000 \SystemRoot\System32\drivers\tcpip.sys
    0x88D57000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88D88000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x88DC7000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    0x88B28000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
    0x88DCC000 \SystemRoot\System32\Drivers\spldr.sys
    0x88B6F000 \SystemRoot\System32\drivers\rdyboost.sys
    0x88DD4000 \SystemRoot\System32\Drivers\mup.sys
    0x88DE4000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x88B9C000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x88DEC000 \SystemRoot\system32\DRIVERS\disk.sys
    0x88BCE000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8D2EC000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8D30B000 \SystemRoot\System32\Drivers\Null.SYS
    0x8D312000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8D319000 \SystemRoot\System32\drivers\vga.sys
    0x8D325000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8D346000 \SystemRoot\System32\drivers\watchdog.sys
    0x8D353000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8D35B000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8D363000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8D36B000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8D376000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8D384000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8D39B000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8D3A6000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x835A4000 \SystemRoot\system32\drivers\afd.sys
    0x8D3B0000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x8D3B5000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8D3E7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x889BF000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8D3EE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x88A00000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x889DE000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x88800000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8DA3B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8DA7C000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8DA86000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8DA90000 \SystemRoot\System32\drivers\discache.sys
    0x8DA9C000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8DAB4000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8DAC2000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x8DAE9000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x90837000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x90E5E000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x90F15000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x90F4E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x90F59000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x90FA4000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x90FB3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x90FD2000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x90800000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x90804000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x9081C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8DB0A000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x90829000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8DB3D000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x9082B000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    0x8DB4A000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8DB5C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x8DB69000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x8DB7B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8DB93000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8DB9E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8DBC0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8DBD8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8DA00000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x90835000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x887CA000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8DA17000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x9041D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x90461000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x9423A000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x944D6000 \SystemRoot\system32\drivers\portcls.sys
    0x94505000 \SystemRoot\system32\drivers\drmk.sys
    0x90472000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x9451E000 \SystemRoot\system32\drivers\modem.sys
    0x948B0000 \SystemRoot\System32\win32k.sys
    0x9452B000 \SystemRoot\System32\drivers\Dxapi.sys
    0x94535000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x94B10000 \SystemRoot\System32\TSDDD.dll
    0x94B40000 \SystemRoot\System32\cdd.dll
    0x94540000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
    0x945A5000 \SystemRoot\System32\drivers\vwifibus.sys
    0x945AF000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x945EF000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8D200000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x94200000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x94211000 \SystemRoot\system32\drivers\luafv.sys
    0x9058E000 \??\C:\windows\system32\drivers\aswMonFlt.sys
    0x9422C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x905C5000 \SystemRoot\system32\drivers\WudfPf.sys
    0x905DF000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8EA3E000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8EA84000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8EA94000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x8EAA7000 \SystemRoot\system32\drivers\HTTP.sys
    0x8EB2C000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x8EB45000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x8EB57000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8EB7A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x8EBB5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xAA405000 \SystemRoot\system32\drivers\peauth.sys
    0xAA49C000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAA4A6000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xAA4C7000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAA4D4000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAA523000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAA5DF000 \??\C:\Users\Alena\AppData\Local\Temp\kgtorpob.sys
    0x77B30000 \Windows\System32\ntdll.dll
    0x475A0000 \Windows\System32\smss.exe
    0x77D70000 \Windows\System32\apisetschema.dll
    0x00E80000 \Windows\System32\autochk.exe
    0x77C90000 \Windows\System32\user32.dll
    0x77AA0000 \Windows\System32\clbcatq.dll
    0x778E0000 \Windows\System32\iertutil.dll
    0x77C80000 \Windows\System32\nsi.dll
    0x777C0000 \Windows\System32\wininet.dll
    0x77660000 \Windows\System32\ole32.dll
    0x775B0000 \Windows\System32\rpcrt4.dll
    0x77560000 \Windows\System32\gdi32.dll
    0x77C70000 \Windows\System32\normaliz.dll
    0x77500000 \Windows\System32\difxapi.dll
    0x77480000 \Windows\System32\comdlg32.dll
    0x77470000 \Windows\System32\psapi.dll
    0x77450000 \Windows\System32\imm32.dll
    0x77400000 \Windows\System32\Wldap32.dll
    0x77360000 \Windows\System32\advapi32.dll
    0x771C0000 \Windows\System32\setupapi.dll
    0x771B0000 \Windows\System32\lpk.dll
    0x770E0000 \Windows\System32\msctf.dll
    0x77040000 \Windows\System32\usp10.dll
    0x763F0000 \Windows\System32\shell32.dll
    0x76310000 \Windows\System32\kernel32.dll
    0x762F0000 \Windows\System32\sechost.dll
    0x76260000 \Windows\System32\oleaut32.dll
    0x76230000 \Windows\System32\imagehlp.dll
    0x761F0000 \Windows\System32\ws2_32.dll
    0x76190000 \Windows\System32\shlwapi.dll
    0x760E0000 \Windows\System32\msvcrt.dll
    0x75FD0000 \Windows\System32\urlmon.dll
    0x75F40000 \Windows\System32\comctl32.dll
    0x75EF0000 \Windows\System32\KernelBase.dll
    0x75DD0000 \Windows\System32\crypt32.dll
    0x75DA0000 \Windows\System32\cfgmgr32.dll
    0x75D70000 \Windows\System32\wintrust.dll
    0x75D50000 \Windows\System32\devobj.dll
    0x75D40000 \Windows\System32\msasn1.dll

    Processes (total 67):
    0 System Idle Process
    4 System
    300 C:\Windows\System32\smss.exe
    452 csrss.exe
    504 C:\Windows\System32\wininit.exe
    512 csrss.exe
    564 C:\Windows\System32\services.exe
    588 C:\Windows\System32\lsass.exe
    596 C:\Windows\System32\winlogon.exe
    604 C:\Windows\System32\lsm.exe
    740 C:\Windows\System32\svchost.exe
    836 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\svchost.exe
    1304 C:\Windows\System32\svchost.exe
    1404 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1760 C:\Windows\System32\spoolsv.exe
    1792 C:\Windows\System32\svchost.exe
    1904 C:\Windows\System32\svchost.exe
    324 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\TODDSrv.exe
    1468 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    1584 C:\Windows\System32\SearchIndexer.exe
    108 C:\Windows\System32\dwm.exe
    2076 C:\Windows\System32\taskhost.exe
    2196 C:\Windows\explorer.exe
    2904 C:\Windows\System32\igfxtray.exe
    2916 C:\Windows\System32\hkcmd.exe
    2924 C:\Windows\System32\igfxpers.exe
    2956 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2980 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3020 C:\Windows\System32\igfxsrvc.exe
    3472 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    3480 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3496 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    3508 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    3520 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    3552 C:\Program Files\ltmoh\ltmoh.exe
    3608 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    3624 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3684 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3768 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    4060 C:\Windows\System32\igfxext.exe
    2312 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1116 C:\Windows\System32\svchost.exe
    2124 C:\Windows\System32\taskeng.exe
    3268 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    2036 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    5024 C:\Program Files\LSI SoftModem\agrsmsvc.exe
    5072 C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    5128 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    5156 C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
    5296 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    5356 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    5060 C:\Program Files\Mozilla Firefox\firefox.exe
    3996 C:\Program Files\Mozilla Firefox\plugin-container.exe
    1984 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    3152 C:\Windows\System32\audiodg.exe
    5304 C:\Windows\System32\notepad.exe
    1744 C:\Windows\System32\SearchProtocolHost.exe
    4712 C:\Windows\System32\SearchFilterHost.exe
    5784 dllhost.exe
    5780 dllhost.exe
    1900 C:\Users\Alena\Downloads\MBRCheck.exe
    5576 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS543225L9SA00, Rev: FBEOC43C

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


    Done!

    DDS:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Alena at 0:04:47.10 on Mon 05/16/2011
    Internet Explorer: 9.0.8112.16421
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.979 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\Dwm.exe
    C:\windows\system32\taskhost.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\ltmoh\ltmoh.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\windows\system32\igfxext.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Alena\Downloads\MBRCheck.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\Users\Alena\Downloads\dds.scr
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [Google Update] "c:\users\alena\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Spyware Doctor] c:\users\alena\desktop\sdsetup_aff.exe -min
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [<NO NAME>]
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
    mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
    mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\alena\appdata\roaming\mozilla\firefox\profiles\rkkfw4wp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\alena\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-6 165584]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-6 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-6 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
    R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-7 62832]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-21 167936]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-9-21 376320]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-30 135664]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-9 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-21 171008]
    S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-9-21 51512]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-8 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-05-16 01:53:43 -------- d-----w- C:\!KillBox
    2011-05-15 04:36:42 -------- d--h--w- c:\progra~2\Common Files
    2011-05-15 04:36:17 -------- d-----w- c:\progra~2\MFAData
    2011-05-15 02:52:58 388096 ----a-r- c:\users\alena\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-05-15 02:52:58 -------- d-----w- c:\program files\Trend Micro
    2011-05-14 21:17:21 -------- d-----w- c:\users\alena\appdata\roaming\Malwarebytes
    2011-05-14 21:17:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-14 21:17:13 -------- d-----w- c:\progra~2\Malwarebytes
    2011-05-14 21:17:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-14 21:17:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-11 12:18:31 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-11 12:18:31 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-11 12:18:31 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-11 12:18:30 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-11 12:18:30 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-11 12:18:30 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-11 12:18:30 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-05-11 12:18:28 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 12:18:28 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-09 05:22:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-09 05:22:07 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-05-09 05:17:34 -------- d-----w- c:\progra~2\PC Tools
    2011-05-09 03:15:38 -------- d-----w- c:\users\alena\appdata\local\Panther
    2011-05-09 03:15:32 114688 --sha-w- c:\users\alena\appdata\local\tvc.exe
    2011-05-09 03:15:32 114688 --sha-w- c:\users\alena\appdata\local\tim.exe
    2011-05-04 01:10:33 -------- d-----w- c:\users\alena\appdata\local\{78DE828D-7AB9-4AD9-8AD8-42D596D4308B}
    2011-04-27 13:48:03 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-04-27 13:47:57 1686016 ----a-w- c:\windows\system32\esent.dll
    2011-04-27 13:47:57 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-04-27 13:47:57 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-04-27 13:47:57 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-04-27 13:47:56 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-04-27 13:47:56 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-04-27 13:47:56 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-04-27 13:47:56 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-04-27 13:47:56 146304 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-04-27 13:47:46 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-27 13:47:43 2614784 ----a-w- c:\windows\explorer.exe
    .
    ==================== Find3M ====================
    .
    2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys
    2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll_old0
    2011-02-24 05:32:41 1228800 ----a-w- c:\windows\system32\urlmon.dll_old0
    2011-02-24 05:29:56 2063360 ----a-w- c:\windows\system32\iertutil.dll_old0
    2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
    .
    ============= FINISH: 0:05:18.63 ===============
    DDS Attach:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/9/2009 8:52:52 PM
    System Uptime: 5/15/2011 10:40:15 PM (2 hours ago)
    .
    Motherboard: TOSHIBA | | NBWAA
    Processor: Celeron(R) Dual-Core CPU T3000 @ 1.80GHz | U2E1 | 1795/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 188.53 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP31: 4/1/2011 10:49:41 PM - Scheduled Checkpoint
    RP32: 4/9/2011 8:53:38 AM - Scheduled Checkpoint
    RP33: 4/16/2011 9:08:52 AM - Windows Update
    RP34: 4/21/2011 9:34:44 AM - Windows Modules Installer
    RP35: 4/28/2011 9:24:18 AM - Windows Update
    RP36: 5/5/2011 2:07:16 PM - Scheduled Checkpoint
    RP37: 5/12/2011 8:42:57 AM - Windows Update
    RP38: 5/14/2011 10:52:36 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    avast! Free Antivirus
    Compatibility Pack for the 2007 Office system
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Java(TM) 6 Update 14
    Junk Mail filter update
    Label@Once 1.0
    LSI V92 MOH Application
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MyToshiba
    NetZero Launcher
    PlayReady PC Runtime x86
    Quickbooks Financial Center
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Skype Launcher
    SparkChess version 4.5
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    Toshiba Application and Driver Installer
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Internal Modem Region Select Utility
    Toshiba Online Backup
    Toshiba Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA Service Station
    TOSHIBA Software Modem
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    ToshibaRegistration
    Utility Common Driver
    WildTangent Games
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/15/2011 10:40:37 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    5/12/2011 9:05:15 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    .
    ==== End Of File ===========================
     
    Last edited: 2011/05/16
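The "Created Last 30" listing above is what the analyst reads for indicators: two executables with the hidden and system attributes set directly under AppData\Local (tvc.exe, tim.exe) and a GUID-named folder in the same place, all of which ComboFix later removed. As an added example, not part of this thread or of the DDS tool, here is a small Python triage script that parses lines copied from that listing and flags exactly those patterns; the attribute-column layout (d, ?, s, h, a, ?, w/r, ?) is my reading of the log format and the function and class names are my own.

```python
"""Triage a DDS 'Created Last 30' listing for the indicators seen in this thread.

Added example, not part of the forum post or of DDS/ComboFix. The attribute
column layout (d,?,s,h,a,?,w/r,?) is an assumption read off the log above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One DDS line: <date> <time> <size or eight dashes> <8-char attrs> <path>
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
# A path whose last component is a {GUID}
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

# Constructed sample: lines copied from the DDS log posted above
# (two benign Windows/Malwarebytes entries plus the three suspicious ones).
SAMPLE_LOG = r"""
2011-05-14 21:17:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-09 03:15:32 114688 --sha-w- c:\users\alena\appdata\local\tvc.exe
2011-05-09 03:15:32 114688 --sha-w- c:\users\alena\appdata\local\tim.exe
2011-05-04 01:10:33 -------- d-----w- c:\users\alena\appdata\local\{78DE828D-7AB9-4AD9-8AD8-42D596D4308B}
2011-04-27 13:47:43 2614784 ----a-w- c:\windows\explorer.exe
"""


@dataclass
class Finding:
    path: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields of one DDS line, or None for non-matching text."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    size = m.group("size")
    return {
        "path": m.group("path"),
        "is_dir": attrs[0] == "d",   # 'd' in column 0 marks a directory
        "system": attrs[2] == "s",   # 's' in column 2: system attribute
        "hidden": attrs[3] == "h",   # 'h' in column 3: hidden attribute
        "size": None if size.startswith("-") else int(size),
    }


def triage(log_text: str) -> List[Finding]:
    """Flag hidden/system executables in a user profile and GUID folders in AppData\\Local."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue
        p = e["path"].lower()
        in_profile = "\\users\\" in p
        if (not e["is_dir"] and p.endswith(EXEC_EXT) and in_profile
                and (e["hidden"] or e["system"])):
            findings.append(Finding(e["path"], "hidden/system executable in a user profile"))
        elif e["is_dir"] and "\\appdata\\local\\" in p and GUID_DIR.search(p):
            findings.append(Finding(
                e["path"],
                "GUID-named folder directly in AppData\\Local (check for browser add-on files)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
```

Run over a full DDS log the same rules stay quiet on the MSI installer cache under AppData\Roaming\Microsoft\Installer\{GUID}, because that entry is a file, not a folder in AppData\Local.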
  2. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2011/05/16
    Alkus

    Alkus Inactive Thread Starter

    Joined:
    2011/05/15
    Messages:
    14
    Likes Received:
    0
    I downloaded ComboFix and tried to run it after disabling avast. It told me that avast was still running. I uninstalled Avast and restarted my computer but it still tells me that avast is running. Am I safe to proceed or what should I do to avoid possible damage to my computer? Here are the warnings:
    [two screenshots of the ComboFix warning dialogs]
    Thanks so much!
     
    Last edited: 2011/05/16
  5. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If you uninstalled Avast, disregard Combofix warnings and go ahead.
     
  6. 2011/05/16
    Alkus

    Alkus Inactive Thread Starter

    Joined:
    2011/05/15
    Messages:
    14
    Likes Received:
    0
    ComboFix 11-05-16.01 - Alena 05/16/2011 14:50:51.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1369 [GMT -4:00]
    Running from: c:\users\Alena\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\xp
    c:\programdata\xp\EBLib.dll
    c:\programdata\xp\TPwSav.sys
    c:\users\Alena\AppData\Local\{78DE828D-7AB9-4AD9-8AD8-42D596D4308B}
    c:\users\Alena\AppData\Local\{78DE828D-7AB9-4AD9-8AD8-42D596D4308B}\chrome.manifest
    c:\users\Alena\AppData\Local\{78DE828D-7AB9-4AD9-8AD8-42D596D4308B}\chrome\content\_cfg.js
    c:\users\Alena\AppData\Local\{78DE828D-7AB9-4AD9-8AD8-42D596D4308B}\chrome\content\overlay.xul
    c:\users\Alena\AppData\Local\{78DE828D-7AB9-4AD9-8AD8-42D596D4308B}\install.rdf
    c:\users\Alena\AppData\Local\tim.exe
    c:\users\Alena\AppData\Local\tvc.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-16 to 2011-05-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-16 18:56 . 2011-05-16 18:56 -------- d-----w- c:\users\Eric\AppData\Local\temp
    2011-05-16 18:56 . 2011-05-16 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-16 18:49 . 2011-05-16 18:49 -------- d-----w- C:\32788R22FWJFW
    2011-05-16 01:53 . 2011-05-16 01:53 -------- d-----w- C:\!KillBox
    2011-05-15 04:36 . 2011-05-15 04:36 -------- d--h--w- c:\programdata\Common Files
    2011-05-15 04:36 . 2011-05-15 04:38 -------- d-----w- c:\programdata\MFAData
    2011-05-15 02:52 . 2011-05-15 02:52 388096 ----a-r- c:\users\Alena\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-15 02:52 . 2011-05-15 02:52 -------- d-----w- c:\program files\Trend Micro
    2011-05-14 21:17 . 2011-05-14 21:17 -------- d-----w- c:\users\Alena\AppData\Roaming\Malwarebytes
    2011-05-14 21:17 . 2011-05-14 21:17 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-14 21:17 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-14 21:17 . 2011-05-14 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-14 21:17 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-11 12:18 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-11 12:18 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-11 12:18 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-11 12:18 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-11 12:18 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-05-11 12:18 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-11 12:18 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-11 12:18 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 12:18 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-09 05:22 . 2011-05-09 05:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-05-09 05:22 . 2011-05-09 05:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-09 05:17 . 2011-05-09 05:17 -------- d-----w- c:\programdata\PC Tools
    2011-05-09 03:15 . 2011-05-09 03:15 -------- d-----w- c:\users\Alena\AppData\Local\Panther
    2011-04-30 13:41 . 2011-04-30 13:41 -------- d-----w- c:\users\Eric\AppData\Local\Google
    2011-04-27 13:48 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-04-27 13:47 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-04-27 13:47 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-04-27 13:47 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-04-27 13:47 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
    2011-04-27 13:47 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-04-27 13:47 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-04-27 13:47 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-04-27 13:47 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-04-27 13:47 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-04-27 13:47 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-27 13:47 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-11 05:40 . 2011-04-15 18:23 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:40 . 2011-04-15 18:23 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-08 05:38 . 2011-04-15 18:23 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 05:29 . 2011-04-15 18:24 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:27 . 2011-04-15 18:24 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 03:31 . 2011-04-15 18:23 2331136 ----a-w- c:\windows\system32\win32k.sys
    2011-02-24 05:32 . 2011-04-15 18:23 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-24 05:32 . 2011-04-15 18:24 981504 ----a-w- c:\windows\system32\wininet.dll_old0
    2011-02-24 05:32 . 2011-04-15 18:24 1228800 ----a-w- c:\windows\system32\urlmon.dll_old0
    2011-02-24 05:29 . 2011-04-15 18:24 2063360 ----a-w- c:\windows\system32\iertutil.dll_old0
    2011-02-23 05:06 . 2011-04-15 18:24 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-23 05:05 . 2011-04-15 18:24 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-02-23 05:05 . 2011-04-15 18:24 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-02-23 05:05 . 2011-04-15 18:23 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-02-23 05:05 . 2011-04-15 18:23 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-02-23 05:05 . 2011-04-15 18:23 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-23 05:05 . 2011-04-15 18:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-02-19 05:33 . 2011-03-09 13:08 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 05:32 . 2011-03-09 13:08 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 05:32 . 2011-03-09 13:08 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 05:32 . 2011-04-15 18:24 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-19 03:37 . 2011-04-15 18:24 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-14 16:26 . 2011-05-13 18:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MyTOSHIBA "= "c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
    "SVPWUTIL "= "c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
    "HWSetup "= "c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
    "KeNotify "= "c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
    "TPwrMain "= "c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
    "SmoothView "= "c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
    "00TCrdMain "= "c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
    "ToshibaServiceStation "= "c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
    "LtMoh "= "c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]
    "TosSENotify "= "c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
    "NortonOnlineBackupReminder "= "c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "Malwarebytes' Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-30 135664]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-07 1343400]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
    S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-08-13 376320]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
    2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-30 13:42]
    .
    2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-30 13:42]
    .
    2011-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2983869326-2700106415-1737178022-1001Core.job
    - c:\users\Alena\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-04 13:42]
    .
    2011-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2983869326-2700106415-1737178022-1001UA.job
    - c:\users\Alena\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-04 13:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\rkkfw4wp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKCU-Run-Spyware Doctor - c:\users\Alena\Desktop\sdsetup_aff.exe
    AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-05-16 14:57:44
    ComboFix-quarantined-files.txt 2011-05-16 18:57
    .
    Pre-Run: 202,371,182,592 bytes free
    Post-Run: 202,318,241,792 bytes free
    .
    - - End Of File - - 9641C938A75D7D015EF8E04DF4B73F20
     
  7. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix log looks good now.

    How is the redirection?

    You can reinstall Avast now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2011/05/16
    Alkus

    Alkus Inactive Thread Starter

    I believe the issue has been resolved. I have not had any redirects after running ComboFix and I can see all images in Google now. I reinstalled Firefox and Avast. Thank you SO MUCH!! :)
    Should I still run OTL or am I out of the woods now?
     
  9. 2011/05/16
    broni

    broni Moderator Malware Analyst

    I'm glad to hear good news, but as I said at the beginning of this topic, the cleaning process has to be finished.
    Go ahead with OTL.
     
  10. 2011/05/16
    Alkus

    Alkus Inactive Thread Starter

    OTL logfile created on: 5/16/2011 4:05:03 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alena\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.27 Gb Total Space | 189.04 Gb Free Space | 84.67% Space Free | Partition Type: NTFS
    Drive D: | 4.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: ALENA-PC | User Name: Alena | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/16 16:03:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alena\Desktop\OTL.exe
    PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    PRC - [2009/08/05 17:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2009/08/05 17:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2009/08/05 17:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2009/08/03 21:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    PRC - [2009/08/03 21:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2009/07/28 17:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 18:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2009/07/07 12:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
    PRC - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2009/01/14 00:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    PRC - [2008/09/25 18:49:00 | 000,195,080 | ---- | M] (LSI Corp.) -- C:\Program Files\ltmoh\ltmoh.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/16 16:03:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alena\Desktop\OTL.exe
    MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/12/07 10:19:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/09/23 17:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/08/17 13:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
    SRV - [2009/08/05 17:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2009/08/03 21:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/07 12:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
    SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/08/13 11:37:00 | 000,376,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
    DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2009/07/24 18:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
    DRV - [2009/07/21 17:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/17 14:13:30 | 000,171,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/14 18:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV - [2009/07/02 17:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2983869326-2700106415-1737178022-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    IE - HKU\S-1-5-21-2983869326-2700106415-1737178022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.yahoo.com "

    FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/16 15:21:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 15:41:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 01:11:37 | 000,000,000 | ---D | M]

    [2011/05/16 15:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alena\AppData\Roaming\Mozilla\Extensions
    [2011/05/16 15:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) --
    [2011/05/16 15:21:39 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/05/16 14:56:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
    O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (LSI Corp.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKU\S-1-5-21-2983869326-2700106415-1737178022-1001..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
    O4 - HKU\S-1-5-21-2983869326-2700106415-1737178022-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2983869326-2700106415-1737178022-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2983869326-2700106415-1737178022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-2983869326-2700106415-1737178022-1001..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/16 16:03:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Alena\Desktop\OTL.exe
    [2011/05/16 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\Alena\AppData\Roaming\Mozilla
    [2011/05/16 15:21:54 | 000,019,544 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
    [2011/05/16 15:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/05/16 15:21:53 | 000,307,928 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
    [2011/05/16 15:21:50 | 000,441,176 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
    [2011/05/16 15:21:50 | 000,049,240 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
    [2011/05/16 15:21:50 | 000,025,432 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
    [2011/05/16 15:21:48 | 000,053,592 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
    [2011/05/16 15:21:35 | 000,040,112 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
    [2011/05/16 15:21:34 | 000,199,304 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
    [2011/05/16 15:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/05/16 15:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/05/16 14:57:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/16 14:57:45 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2011/05/16 14:49:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2011/05/16 14:49:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2011/05/16 14:49:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2011/05/16 14:49:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
    [2011/05/16 14:49:08 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/05/16 14:10:10 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2011/05/16 14:06:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/15 21:53:43 | 000,000,000 | ---D | C] -- C:\!KillBox
    [2011/05/15 00:36:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2011/05/15 00:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/05/14 22:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/05/14 22:52:58 | 000,000,000 | ---D | C] -- C:\Users\Alena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/05/14 17:17:21 | 000,000,000 | ---D | C] -- C:\Users\Alena\AppData\Roaming\Malwarebytes
    [2011/05/14 17:17:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
    [2011/05/14 17:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/14 17:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/14 17:17:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2011/05/14 17:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/09 01:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/05/09 01:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/05/09 01:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/05/09 01:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011/05/09 01:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2011/05/09 00:35:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2011/05/08 23:15:38 | 000,000,000 | ---D | C] -- C:\Users\Alena\AppData\Local\Panther
    [2011/05/04 19:54:02 | 000,000,000 | ---D | C] -- C:\Users\Alena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/16 16:03:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alena\Desktop\OTL.exe
    [2011/05/16 15:58:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2983869326-2700106415-1737178022-1001UA.job
    [2011/05/16 15:47:01 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/16 15:41:54 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/05/16 15:34:49 | 005,154,304 | ---- | M] () -- C:\Users\Alena\Desktop\WindowsDefender.msi
    [2011/05/16 15:33:55 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/16 15:33:55 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/16 15:26:47 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/16 15:26:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/05/16 15:26:04 | 1504,346,112 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/16 15:21:54 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/05/16 15:21:48 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
    [2011/05/16 15:20:21 | 056,923,744 | ---- | M] () -- C:\Users\Alena\Desktop\setup_av_free.exe
    [2011/05/16 14:56:14 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2011/05/16 14:26:29 | 004,349,683 | R--- | M] () -- C:\Users\Alena\Desktop\ComboFix.exe
    [2011/05/15 19:58:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2983869326-2700106415-1737178022-1001Core.job
    [2011/05/15 18:24:09 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2011/05/15 18:24:09 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2011/05/14 22:52:58 | 000,002,963 | ---- | M] () -- C:\Users\Alena\Desktop\HT.lnk
    [2011/05/14 17:17:14 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/13 14:59:05 | 000,002,413 | ---- | M] () -- C:\Users\Alena\Desktop\Google Chrome.lnk
    [2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
    [2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
    [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
    [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
    [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
    [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
    [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
    [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
    [2011/05/09 01:22:13 | 000,001,255 | ---- | M] () -- C:\Users\Alena\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/05/09 01:22:13 | 000,001,231 | ---- | M] () -- C:\Users\Alena\Desktop\Spybot - Search & Destroy.lnk
    [2011/05/09 01:10:06 | 000,000,328 | ---- | M] () -- C:\Users\Alena\Desktop\fix.reg
    [2011/04/21 09:36:16 | 000,001,422 | ---- | M] () -- C:\Users\Alena\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/04/21 09:35:34 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/16 15:41:54 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/05/16 15:41:54 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/05/16 15:34:33 | 005,154,304 | ---- | C] () -- C:\Users\Alena\Desktop\WindowsDefender.msi
    [2011/05/16 15:21:54 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/05/16 15:20:05 | 056,923,744 | ---- | C] () -- C:\Users\Alena\Desktop\setup_av_free.exe
    [2011/05/16 14:49:37 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
    [2011/05/16 14:49:37 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2011/05/16 14:49:37 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
    [2011/05/16 14:49:37 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2011/05/16 14:49:37 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2011/05/16 14:26:28 | 004,349,683 | R--- | C] () -- C:\Users\Alena\Desktop\ComboFix.exe
    [2011/05/14 22:52:58 | 000,002,963 | ---- | C] () -- C:\Users\Alena\Desktop\HT.lnk
    [2011/05/14 17:17:14 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/09 01:22:13 | 000,001,255 | ---- | C] () -- C:\Users\Alena\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/05/09 01:22:13 | 000,001,231 | ---- | C] () -- C:\Users\Alena\Desktop\Spybot - Search & Destroy.lnk
    [2011/05/09 01:10:06 | 000,000,328 | ---- | C] () -- C:\Users\Alena\Desktop\fix.reg
    [2011/05/04 19:54:04 | 000,002,413 | ---- | C] () -- C:\Users\Alena\Desktop\Google Chrome.lnk
    [2011/05/04 19:53:39 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2983869326-2700106415-1737178022-1001UA.job
    [2011/05/04 19:53:38 | 000,000,856 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2983869326-2700106415-1737178022-1001Core.job
    [2011/04/30 09:42:59 | 000,000,886 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/30 09:42:58 | 000,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/21 09:35:34 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
    [2009/11/09 21:54:14 | 000,000,014 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
    [2009/09/21 14:43:51 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
    [2009/09/21 14:23:22 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
    [2009/09/21 14:21:07 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
    [2009/09/21 14:18:03 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
    [2009/09/21 14:18:03 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
    [2009/08/27 10:57:38 | 000,982,220 | ---- | C] () -- C:\windows\System32\igkrng500.bin
    [2009/08/27 10:57:38 | 000,439,300 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
    [2009/08/27 10:57:38 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
    [2009/08/27 10:57:38 | 000,092,216 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
    [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2009/07/14 00:33:53 | 000,340,792 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
    [2009/07/13 22:05:48 | 000,624,178 | ---- | C] () -- C:\windows\System32\perfh009.dat
    [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
    [2009/07/13 22:05:48 | 000,106,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
    [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
    [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
    [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
    [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
    [2009/04/28 07:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll

    ========== LOP Check ==========

    [2009/11/09 21:53:54 | 000,000,000 | ---D | M] -- C:\Users\Alena\AppData\Roaming\WinBatch
    [2009/07/14 00:53:46 | 000,015,924 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/09/03 04:57:22 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/05/16 14:57:44 | 000,013,431 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/05/16 15:26:04 | 1504,346,112 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/16 15:26:08 | 2005,798,912 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2009/07/10 15:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/21 09:36:16 | 000,000,221 | -HS- | M] () -- C:\Users\Alena\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/16 14:26:29 | 004,349,683 | R--- | M] () -- C:\Users\Alena\Desktop\ComboFix.exe
    [2011/05/16 16:03:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alena\Desktop\OTL.exe
    [2011/05/16 15:20:21 | 056,923,744 | ---- | M] () -- C:\Users\Alena\Desktop\setup_av_free.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/12/08 09:00:09 | 000,000,402 | -HS- | M] () -- C:\Users\Alena\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
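As an added example (not from this thread, and not OTL's own code), a Python parser for the file-listing lines in the OTL log above, together with two of the triage checks the custom-scan section is probing for: any hit inside a lookalike folder such as system32\system32 or systhem32, and binaries under the Windows directory that carry no company name and are recent or hidden+system. The log excerpt is constructed in the shape of the lines above; the systhem32\svchost.exe and drivers\kbdhid0.sys entries are invented to exercise the checks.

```python
"""Parse OTL file-listing lines and run a few defensive triage checks."""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One OTL file entry looks like this (directories omit the "(Company)" part
# and carry a D in the attribute field):
#   [2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[A-Z])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Folders OTL's custom scan probes because a clean Windows install leaves them
# empty (taken from the "< ... >" scan markers in the log); any hit is notable.
LOOKALIKE_DIRS = (
    "/system32/system32/", "/system32/systhem32/", "/winn32/",
    "/system32/rundll32/", "/system32/rundll/", "/system32/dll/",
)
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl"}


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str              # R, H, S, D flags, '-' where unset
    kind: str               # M = modified date, C = created date
    company: Optional[str]  # None when the log shows "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_otl_lines(text: str) -> List[OtlEntry]:
    """Extract file entries; headings, scan markers and blank lines are skipped."""
    entries: List[OtlEntry] = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=m.group("company") or None,
            path=m.group("path"),
        ))
    return entries


def triage(entries: List[OtlEntry], scan_time: datetime,
           system_root: str = "C:\\Windows", recent_days: int = 30) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries that deserve a closer look."""
    root = system_root.lower().replace("\\", "/").rstrip("/") + "/"
    cutoff = scan_time - timedelta(days=recent_days)
    findings: List[Tuple[str, str]] = []
    for e in entries:
        low = e.path.lower().replace("\\", "/")
        if any(d in low for d in LOOKALIKE_DIRS):
            findings.append((e.path, "file inside a lookalike system folder"))
            continue
        # Mirrors OTL's own "No Company Name" idea: binaries in the Windows tree
        # with no version-info company that are either recent or hidden+system.
        if e.is_dir or e.company is not None or not low.startswith(root):
            continue
        if ntpath.splitext(low)[1] not in EXECUTABLE_EXT:
            continue
        if e.timestamp >= cutoff:
            findings.append((e.path, "recent binary with no company name under the Windows directory"))
        elif e.hidden_system:
            findings.append((e.path, "hidden+system binary with no company name under the Windows directory"))
    return findings


# Constructed excerpt in the shape of the log above; the systhem32\svchost.exe
# and drivers\kbdhid0.sys lines are invented to exercise the checks.
SAMPLE_LOG = r"""
< %systemroot%\*.scr >
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2009/07/10 15:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %SYSTEMDRIVE%\*.* >
[2011/05/16 15:26:04 | 1504,346,112 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/09 21:53:54 | 000,000,000 | ---D | M] -- C:\Users\Alena\AppData\Roaming\WinBatch

< %systemroot%\system32\systhem32\*.* >
[2011/05/14 03:12:40 | 000,061,440 | -HS- | M] () -- C:\Windows\system32\systhem32\svchost.exe
[2011/05/12 22:01:05 | 000,024,576 | ---- | M] () -- C:\Windows\System32\drivers\kbdhid0.sys
"""
SCAN_TIME = datetime(2011, 5, 16, 16, 5, 3)  # time from the "OTL logfile created on" header


def run_sample() -> List[Tuple[str, str]]:
    """Parse the constructed excerpt and triage it against the scan time."""
    return triage(parse_otl_lines(SAMPLE_LOG), SCAN_TIME)
```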
     
  11. 2011/05/16
    Alkus Inactive Thread Starter
    OTL Extras logfile created on: 5/16/2011 4:05:03 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alena\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.27 Gb Total Space | 189.04 Gb Free Space | 84.67% Space Free | Partition Type: NTFS
    Drive D: | 4.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: ALENA-PC | User Name: Alena | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2983869326-2700106415-1737178022-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
    "{329B9AFB-F565-4F44-B052-CB9DB3C5D5D6}_is1" = SparkChess version 4.5
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
    "{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast" = avast! Free Antivirus
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "LTMOH" = LSI V92 MOH Application
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2983869326-2700106415-1737178022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/16/2011 9:58:03 AM | Computer Name = Alena-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/16/2011 9:58:04 AM | Computer Name = Alena-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/16/2011 11:05:55 AM | Computer Name = Alena-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/16/2011 11:05:55 AM | Computer Name = Alena-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/16/2011 11:06:01 AM | Computer Name = Alena-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/16/2011 11:06:02 AM | Computer Name = Alena-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/16/2011 11:06:03 AM | Computer Name = Alena-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/16/2011 11:06:03 AM | Computer Name = Alena-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/16/2011 11:07:28 AM | Computer Name = Alena-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/16/2011 11:07:28 AM | Computer Name = Alena-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ System Events ]
    Error - 3/29/2011 3:23:30 PM | Computer Name = Alena-PC | Source = bowser | ID = 8003
    Description =

    Error - 3/29/2011 6:09:17 PM | Computer Name = Alena-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 3/30/2011 8:19:45 AM | Computer Name = Alena-PC | Source = bowser | ID = 8003
    Description =

    Error - 4/5/2011 11:14:20 AM | Computer Name = Alena-PC | Source = bowser | ID = 8003
    Description =

    Error - 4/21/2011 11:21:34 AM | Computer Name = Alena-PC | Source = bowser | ID = 8003
    Description =

    Error - 5/3/2011 6:28:44 PM | Computer Name = Alena-PC | Source = bowser | ID = 8003
    Description =

    Error - 5/9/2011 1:32:01 AM | Computer Name = Alena-PC | Source = Service Control Manager | ID = 7003
    Description = The SBSD Security Center Service service depends the following service:
    wscsvc. This service might not be installed.

    Error - 5/11/2011 2:03:10 PM | Computer Name = Alena-PC | Source = Service Control Manager | ID = 7003
    Description = The SBSD Security Center Service service depends the following service:
    wscsvc. This service might not be installed.

    Error - 5/12/2011 9:00:09 AM | Computer Name = Alena-PC | Source = Service Control Manager | ID = 7003
    Description = The SBSD Security Center Service service depends the following service:
    wscsvc. This service might not be installed.

    Error - 5/12/2011 9:05:15 AM | Computer Name = Alena-PC | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.


    < End of report >
     
  12. 2011/05/16
    Alkus Inactive Thread Starter
    I tried to post the first OTL log but got a message that it needs to be approved by a mod.
     
  13. 2011/05/16
    broni Moderator Malware Analyst
    I just approved it. Hold on...
     
  14. 2011/05/16
    broni Moderator Malware Analyst
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart your computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  15. 2011/05/16
    Alkus Inactive Thread Starter
    OTL log:


    Files\Folders moved on Reboot...
    C:\Users\Alena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LKJE8247\list-item-plus[1].png moved successfully.
    C:\Users\Alena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKDIWWYD\background_button_green_full[2].png moved successfully.

    Registry entries deleted on Reboot...

    I'm doing the other scans now.
     
  16. 2011/05/16
    Alkus Inactive Thread Starter
    Security check:

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 25
    Out of date Java installed!
    Adobe Flash Player 10.2.153.1
    Adobe Reader 9.2
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````
     
  17. 2011/05/16
    Alkus Inactive Thread Starter
    Just ran TFC. After my computer restarted this message popped up:

    Do I click "allow" or "deny"?
     
  18. 2011/05/16
    broni Moderator Malware Analyst
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ...and Eset....
     
  19. 2011/05/16
    Alkus Inactive Thread Starter
    ESET Log:

    C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudInternetSecurity2.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\FraudInternetSecurity2.zip Win32/Bagle.gen.zip worm
     
  20. 2011/05/16
    broni Moderator Malware Analyst
    I didn't see this:
    You should allow that change.
    If you didn't, re-run TFC.

    ====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudInternetSecurity2.zip 
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\FraudInternetSecurity2.zip
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  21. 2011/05/16
    Alkus

    Alkus Inactive Thread Starter

    Joined:
    2011/05/15
    Messages:
    14
    Likes Received:
    0
    First OTL log:

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudInternetSecurity2.zip moved successfully.
    File\Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\FraudInternetSecurity2.zip not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: Alena
    ->Temp folder emptied: 1480080259 bytes
    ->Temporary Internet Files folder emptied: 5221955 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 34051279 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 584 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Eric
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 608 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,449.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Alena
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Eric
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05162011_200505

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     

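The OTL fix log posted above has a regular line format: a bracketed section name, "User:" lines, one "->... emptied: N bytes" line per cache, a few system-level lines without the arrow prefix, and a "Total Files Cleaned" line that closes the section. When reviewing a pasted log it is worth checking that the per-line byte counts actually add up to the reported total, because a truncated or hand-edited paste will not. The following Python script is an added example, not part of this thread and not OTL's own tooling; the log excerpt embedded in it is abridged from the post above, and the function names and the 1 MB tolerance are my own choices.

```python
import re

# Abridged excerpt of the OTL fix log posted in this thread, embedded so the
# example runs offline. Lines copied from the log; some users are omitted.
OTL_LOG = r"""
[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Alena
->Temp folder emptied: 1480080259 bytes
->Temporary Internet Files folder emptied: 5221955 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34051279 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 584 bytes

User: Eric
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,449.00 mb


[EMPTYFLASH]

User: Alena
->Flash cache emptied: 0 bytes

User: Eric
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb
"""

SECTION_RE = re.compile(r"^\[(\w+)\]$")
USER_RE = re.compile(r"^User: (.+)$")
BYTES_RE = re.compile(r"^(?:->)?(.+?): (\d+) bytes$")
TOTAL_RE = re.compile(r"^Total (?:Flash )?Files Cleaned = ([\d,]+\.\d+) mb$")


def parse_section(log, section="EMPTYTEMP"):
    """Parse one bracketed OTL section.

    Returns (per_user_bytes, system_bytes, reported_mb): bytes summed per
    "User:" block, bytes for the system-level lines (no "->" prefix), and the
    total OTL itself reported for the section (None if the line is missing).
    """
    per_user, system, reported = {}, {}, None
    current, user = None, None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                      # "[EMPTYTEMP]" / "[EMPTYFLASH]" opens a section
            current, user = m.group(1).upper(), None
            continue
        if current != section:     # skip lines belonging to other sections
            continue
        m = USER_RE.match(line)
        if m:
            user = m.group(1)
            per_user.setdefault(user, 0)
            continue
        m = TOTAL_RE.match(line)
        if m:                      # the "Total ..." line closes the section
            reported = float(m.group(1).replace(",", ""))
            current = None
            continue
        m = BYTES_RE.match(line)
        if m:
            n = int(m.group(2))
            if line.startswith("->") and user is not None:
                per_user[user] += n
            else:
                system[m.group(1)] = n
    return per_user, system, reported


def verify_total(log, section="EMPTYTEMP", tolerance_mb=1.0):
    """Sum every byte count in the section and compare with the reported MB.

    Returns (total_bytes, computed_mb, reported_mb, consistent). The 1 MB
    tolerance is an assumption chosen to absorb OTL's own rounding.
    """
    per_user, system, reported = parse_section(log, section)
    total_bytes = sum(per_user.values()) + sum(system.values())
    computed_mb = total_bytes / (1024 * 1024)
    consistent = reported is not None and abs(computed_mb - reported) <= tolerance_mb
    return total_bytes, round(computed_mb, 2), reported, consistent


if __name__ == "__main__":
    for name in ("EMPTYTEMP", "EMPTYFLASH"):
        total, mb, rep, ok = verify_total(OTL_LOG, name)
        print(f"[{name}] {total} bytes = {mb} MiB, reported {rep} mb, consistent={ok}")
```

On the excerpt above the byte counts sum to 1,519,354,685 bytes, or 1448.97 MiB, against OTL's reported 1,449.00 mb, so the log is internally consistent. A separate point a reader of the ESET log may wonder about: on Windows 7 `C:\Users\All Users` is a junction to `C:\ProgramData`, so the two ESET hits refer to one file, which is why OTL moved the first path and then reported the second as "not found".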