Antivir :(

View previous topic View next topic Go down

Antivir :(

Post by yellowsubmarine on 10th August 2010, 9:44 pm

Hello GeekPolice!

Hope you can help me, i've been infected by the Antivir Solution Pro, which seems to be getting around everywhere. Only popped up a few hours ago while i was on youtibe using Google Chrome. It frooze the screen, went black and then kept opening up several messages about windows defender. I restarted the laptop, uninstalled Chrome and started using Firefox. The Antivir kept popping up, including opening IE to spam ads. After that, I tried a few things, including running Malwarebyte which found one infection. I thought that was the end of it, restarted my laptop but it was still there. Included below is the first part of the OTL report.

OTL logfile created on: 8/10/2010 10:28:47 PM - Run 1
OTL by OldTimer - Version 3.2.9.1
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 14.37 Gb Free Space | 12.36% Space Free | Partition Type: NTFS
Drive D: | 116.21 Gb Total Space | 92.40 Gb Free Space | 79.52% Space Free | Partition Type: NTFS
Drive E: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LYNN-TOSH
Current User Name: Lynn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/10 22:28:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Lynn\Downloads\OTL.exe
PRC - [2010/08/10 16:36:06 | 000,192,000 | ---- | M] (ApexDC++ Development Team) -- C:\Users\Lynn\AppData\Local\Temp\Qqc.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/11 09:41:08 | 001,050,072 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproTray.exe
PRC - [2010/05/11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/10 23:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/11/10 17:57:00 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2009/11/05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2009/11/05 22:04:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/17 11:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/13 12:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/06 15:02:02 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/08/06 13:06:58 | 000,466,792 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
PRC - [2009/08/03 18:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 18:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/30 00:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 00:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 21:12:56 | 007,625,248 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 16:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009/07/07 10:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\RSelect\RSelSvc.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/08/10 22:28:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Lynn\Downloads\OTL.exe
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/29 11:31:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/19 02:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/11/05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/03 18:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 00:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/07 10:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/04/29 12:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/08/10 16:36:22 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2010/08/10 16:36:21 | 000,782,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/03/04 14:42:58 | 000,277,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/05 06:51:12 | 000,376,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/07/30 17:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/28 21:02:42 | 002,735,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/24 16:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/20 17:48:32 | 000,213,552 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\SynTP.sys -- (SynTP)
DRV - [2009/07/14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 23:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 23:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/07 08:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\FwLnk.sys -- (FwLnk)
DRV - [2009/06/24 18:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/06/22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/05/05 01:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/04/29 12:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/02/12 23:00:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2009/02/12 22:58:16 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2009/02/12 22:57:28 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}:2.2
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.5
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.11
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.0
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0.6


FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/08 14:40:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/10 22:13:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/10 22:13:41 | 000,000,000 | ---D | M]

[2010/05/24 12:12:42 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions
[2010/08/10 17:55:34 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\8l7apuae.default\extensions
[2010/08/10 17:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\8l7apuae.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/10 17:55:22 | 000,000,000 | ---D | M] (AniWeather) -- C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\8l7apuae.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/08/10 17:55:20 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\8l7apuae.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/10 17:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\8l7apuae.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/08/10 17:55:22 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\8l7apuae.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010/08/10 17:55:22 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\8l7apuae.default\extensions\background@toggle.wtf
[2010/08/10 17:55:20 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\8l7apuae.default\extensions\canitbecheaper@trafficbroker.co.uk
[2010/08/10 17:55:20 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\8l7apuae.default\extensions\FirefoxAddon@similarWeb.com
[2010/08/10 17:55:20 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\8l7apuae.default\extensions\isreaditlater@ideashower.com
[2010/05/24 12:08:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [{248A609D-44EE-5DD2-FE36-B028DE7F50B1}] C:\Users\Lynn\AppData\Roaming\Gioq\ifiku.exe (SOFTWIN S.R.L.)
O4 - HKCU..\Run: [{BC75DF2E-3625-47B5-6251-15193FCBFEA4}] C:\Users\Lynn\AppData\Roaming\Igxya\wanoa.exe (lr)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: CabBuilder [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/04/20 21:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/27 05:03:00 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{03793b15-c27b-11de-bc8b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{03793b15-c27b-11de-bc8b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010/04/20 21:37:17 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/10 21:16:02 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/10 20:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/08/10 20:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/08/10 20:28:27 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\yipvxpbqu
[2010/08/10 17:02:08 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Malwarebytes
[2010/08/10 16:52:59 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2010/08/10 16:45:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/10 16:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/10 16:45:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/10 16:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/10 16:35:44 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\iljwdwjfs
[2010/08/10 16:35:30 | 000,000,000 | -HSD | C] -- C:\Users\Lynn\AppData\Roaming\lowsec
[2010/08/07 00:16:42 | 001,755,100 | ---- | C] (GamesCafe) -- C:\Users\Lynn\Desktop\SallysSpa.exe
[2010/07/28 02:11:32 | 001,297,920 | ---- | C] (iWin Inc.) -- C:\Users\Lynn\Desktop\jojo.exe
[2010/07/27 15:08:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iwin
[2010/07/27 15:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2010/07/27 14:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\RealArcade
[2010/07/27 14:44:08 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\WinRAR
[2010/07/27 14:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/07/22 21:44:46 | 000,000,000 | ---D | C] -- C:\Users\Lynn\Documents\My Received Files
[2010/07/22 21:14:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/07/22 18:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/22 17:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA Tempro
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/10 22:31:43 | 004,718,592 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT
[2010/08/10 22:15:33 | 000,016,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/10 22:15:33 | 000,016,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/10 22:13:43 | 000,001,920 | ---- | M] () -- C:\Users\Lynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/10 22:13:43 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/10 22:08:04 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/10 22:07:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/10 22:07:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/10 22:07:16 | 2816,864,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/10 22:06:20 | 001,463,126 | -H-- | M] () -- C:\Users\Lynn\AppData\Local\IconCache.db
[2010/08/10 19:28:38 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/08/10 19:24:30 | 000,002,152 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2010/08/10 18:54:03 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 High-End Loft Stuff.lnk
[2010/08/10 18:33:32 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2010/08/10 16:46:03 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 16:39:21 | 000,002,848 | ---- | M] () -- C:\Users\Lynn\AppData\Local\ukizoxufap.dll
[2010/08/10 16:36:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\brfiltlo.sys
[2010/08/10 16:36:21 | 000,782,336 | ---- | M] () -- C:\Windows\System32\drivers\b57nd60x.sys
[2010/08/05 21:10:52 | 000,726,316 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/05 21:10:52 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/05 21:10:52 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/04 20:14:45 | 000,000,256 | ---- | M] () -- C:\Users\Lynn\Documents\pool.bin
[2010/08/04 20:13:59 | 001,947,567 | ---- | M] () -- C:\Users\Lynn\Documents\Backup-(2010-08-04).ipd
[2010/07/31 11:42:24 | 000,524,288 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT{3bd6f927-9c90-11df-b2ae-0026b63cd42e}.TMContainer00000000000000000002.regtrans-ms
[2010/07/31 11:42:23 | 000,524,288 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT{3bd6f927-9c90-11df-b2ae-0026b63cd42e}.TMContainer00000000000000000001.regtrans-ms
[2010/07/31 11:42:23 | 000,065,536 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT{3bd6f927-9c90-11df-b2ae-0026b63cd42e}.TM.blf
[2010/07/27 14:55:27 | 000,000,137 | ---- | M] () -- C:\Users\Lynn\Desktop\More Games at GameHouse.com.url
[2010/07/24 20:22:05 | 000,002,488 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2010/07/22 22:41:24 | 000,000,468 | ---- | M] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2010/07/22 18:34:26 | 002,017,476 | ---- | M] () -- C:\Users\Lynn\Documents\Backup-(2010-07-22).ipd
[2010/07/22 18:30:34 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/10 19:28:38 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/08/10 19:24:30 | 000,002,152 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2010/08/10 18:54:03 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 High-End Loft Stuff.lnk
[2010/08/10 18:33:32 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2010/08/10 16:46:03 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 16:39:21 | 000,002,848 | ---- | C] () -- C:\Users\Lynn\AppData\Local\ukizoxufap.dll
[2010/08/10 16:36:07 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/07 00:16:51 | 000,425,984 | ---- | C] () -- C:\Users\Lynn\Desktop\HotelDash.exe
[2010/08/04 20:13:59 | 001,947,567 | ---- | C] () -- C:\Users\Lynn\Documents\Backup-(2010-08-04).ipd
[2010/07/31 11:42:24 | 000,524,288 | -HS- | C] () -- C:\Users\Lynn\NTUSER.DAT{3bd6f927-9c90-11df-b2ae-0026b63cd42e}.TMContainer00000000000000000002.regtrans-ms
[2010/07/31 11:42:23 | 000,524,288 | -HS- | C] () -- C:\Users\Lynn\NTUSER.DAT{3bd6f927-9c90-11df-b2ae-0026b63cd42e}.TMContainer00000000000000000001.regtrans-ms
[2010/07/31 11:42:23 | 000,065,536 | -HS- | C] () -- C:\Users\Lynn\NTUSER.DAT{3bd6f927-9c90-11df-b2ae-0026b63cd42e}.TM.blf
[2010/07/27 14:55:27 | 000,000,137 | ---- | C] () -- C:\Users\Lynn\Desktop\More Games at GameHouse.com.url
[2010/07/24 20:22:04 | 000,002,488 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2010/07/22 22:41:24 | 000,000,468 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2010/07/22 18:38:29 | 000,000,256 | ---- | C] () -- C:\Users\Lynn\Documents\pool.bin
[2010/07/22 18:34:26 | 002,017,476 | ---- | C] () -- C:\Users\Lynn\Documents\Backup-(2010-07-22).ipd
[2010/07/22 18:03:11 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/01 03:02:32 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/12/03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/26 23:26:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 01:59:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\brfiltlo.sys
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 23:02:49 | 000,782,336 | ---- | C] () -- C:\Windows\System32\drivers\b57nd60x.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

yellowsubmarine
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-08-10
OS OS : Windows 7
Points Points : 23273
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivir :(

Post by yellowsubmarine on 10th August 2010, 9:44 pm

Second report


OTL Extras logfile created on: 8/10/2010 10:28:47 PM - Run 1
OTL by OldTimer - Version 3.2.9.1
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 14.37 Gb Free Space | 12.36% Space Free | Partition Type: NTFS
Drive D: | 116.21 Gb Total Space | 92.40 Gb Free Space | 79.52% Space Free | Partition Type: NTFS
Drive E: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LYNN-TOSH
Current User Name: Lynn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{154C378D-D990-42DF-BDFD-5225E2EE3D8C}" = V.92 Modem On Hold
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25140000-0048-0409-0000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 32-bit (Beta)
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C9D88A7-D9A4-4CBD-82A5-1AF84A8596B5}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9700 smartphone
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"{433540D0-73A8-4D8F-B8DF-F4AFB0D0848C}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9700 smartphone
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = The Sims™ 3 Create a Pattern Tool
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E12D9F6-E86A-4EE3-BA5A-965FDBC6687F}" = O2InstV3Win7UpdateV1
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2F3FB19-D848-479C-818E-130ABC9366DB}" = BlackBerry Device Software Updater
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{ECA2B21B-A180-4775-B93F-6E404E36A8CC}" = MSRuntime Libraries
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.1
"BitTorrent" = BitTorrent
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Hotel Dash Suite Success_is1" = Hotel Dash Suite Success
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Office14.SingleImage" = Microsoft Office Professional 2010
"SharpReader_is1" = SharpReader 0.9.7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2010 4:13:59 PM | Computer Name = LYNN-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1248

Error - 7/31/2010 4:14:00 PM | Computer Name = LYNN-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/31/2010 4:14:00 PM | Computer Name = LYNN-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2511

Error - 7/31/2010 4:14:00 PM | Computer Name = LYNN-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2511

Error - 7/31/2010 4:14:01 PM | Computer Name = LYNN-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/31/2010 4:14:01 PM | Computer Name = LYNN-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3556

Error - 7/31/2010 4:14:01 PM | Computer Name = LYNN-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3556

Error - 7/31/2010 9:16:46 PM | Computer Name = LYNN-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/31/2010 9:16:46 PM | Computer Name = LYNN-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1872

Error - 7/31/2010 9:16:46 PM | Computer Name = LYNN-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1872

[ Media Center Events ]
Error - 7/5/2010 1:36:51 PM | Computer Name = Lynn-TOSH | Source = MCUpdate | ID = 0
Description = 18:36:50 - Error connecting to the internet. 18:36:51 - Unable
to contact server..

Error - 7/5/2010 1:37:16 PM | Computer Name = Lynn-TOSH | Source = MCUpdate | ID = 0
Description = 18:36:57 - Error connecting to the internet. 18:36:57 - Unable
to contact server..

Error - 7/5/2010 2:37:38 PM | Computer Name = Lynn-TOSH | Source = MCUpdate | ID = 0
Description = 19:37:37 - Error connecting to the internet. 19:37:37 - Unable
to contact server..

Error - 7/5/2010 2:38:03 PM | Computer Name = Lynn-TOSH | Source = MCUpdate | ID = 0
Description = 19:37:44 - Error connecting to the internet. 19:37:44 - Unable
to contact server..

Error - 7/20/2010 2:13:13 AM | Computer Name = Lynn-TOSH | Source = MCUpdate | ID = 0
Description = 07:13:13 - Error connecting to the internet. 07:13:13 - Unable
to contact server..

Error - 7/20/2010 2:13:37 AM | Computer Name = Lynn-TOSH | Source = MCUpdate | ID = 0
Description = 07:13:22 - Error connecting to the internet. 07:13:22 - Unable
to contact server..

Error - 7/20/2010 3:13:40 AM | Computer Name = Lynn-TOSH | Source = MCUpdate | ID = 0
Description = 08:13:40 - Error connecting to the internet. 08:13:40 - Unable
to contact server..

Error - 7/20/2010 3:13:47 AM | Computer Name = Lynn-TOSH | Source = MCUpdate | ID = 0
Description = 08:13:45 - Error connecting to the internet. 08:13:45 - Unable
to contact server..

Error - 7/20/2010 4:13:51 AM | Computer Name = Lynn-TOSH | Source = MCUpdate | ID = 0
Description = 09:13:51 - Error connecting to the internet. 09:13:51 - Unable
to contact server..

Error - 7/20/2010 4:13:58 AM | Computer Name = Lynn-TOSH | Source = MCUpdate | ID = 0
Description = 09:13:56 - Error connecting to the internet. 09:13:56 - Unable
to contact server..

[ System Events ]
Error - 7/22/2010 1:32:49 PM | Computer Name = Lynn-TOSH | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 7/22/2010 1:32:49 PM | Computer Name = Lynn-TOSH | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 7/22/2010 1:32:50 PM | Computer Name = Lynn-TOSH | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 7/22/2010 5:50:40 PM | Computer Name = Lynn-TOSH | Source = DCOM | ID = 10010
Description =

Error - 7/22/2010 5:51:09 PM | Computer Name = Lynn-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/22/2010 5:54:16 PM | Computer Name = Lynn-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/22/2010 6:10:38 PM | Computer Name = Lynn-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/22/2010 6:11:23 PM | Computer Name = Lynn-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/22/2010 6:39:12 PM | Computer Name = Lynn-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/22/2010 6:39:26 PM | Computer Name = Lynn-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

yellowsubmarine
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-08-10
OS OS : Windows 7
Points Points : 23273
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivir :(

Post by Belahzur on 10th August 2010, 11:27 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/08/10 16:36:06 | 000,192,000 | ---- | M] (ApexDC++ Development Team) -- C:\Users\Lynn\AppData\Local\Temp\Qqc.exe
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [{248A609D-44EE-5DD2-FE36-B028DE7F50B1}] C:\Users\Lynn\AppData\Roaming\Gioq\ifiku.exe (SOFTWIN S.R.L.)
    O4 - HKCU..\Run: [{BC75DF2E-3625-47B5-6251-15193FCBFEA4}] C:\Users\Lynn\AppData\Roaming\Igxya\wanoa.exe (lr)
    [2010/08/10 20:28:27 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\yipvxpbqu
    [2010/08/10 16:35:44 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\iljwdwjfs
    [2010/08/10 16:35:30 | 000,000,000 | -HSD | C] -- C:\Users\Lynn\AppData\Roaming\lowsec
    [2010/08/10 22:08:04 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivir :(

Post by yellowsubmarine on 11th August 2010, 11:17 am

Here's the OTL report:

========== OTL ==========
Process Qqc.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{248A609D-44EE-5DD2-FE36-B028DE7F50B1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248A609D-44EE-5DD2-FE36-B028DE7F50B1}\ not found.
C:\Users\Lynn\AppData\Roaming\Gioq\ifiku.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{BC75DF2E-3625-47B5-6251-15193FCBFEA4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC75DF2E-3625-47B5-6251-15193FCBFEA4}\ not found.
C:\Users\Lynn\AppData\Roaming\Igxya\wanoa.exe moved successfully.
C:\Users\Lynn\AppData\Local\yipvxpbqu folder moved successfully.
C:\Users\Lynn\AppData\Local\iljwdwjfs folder moved successfully.
C:\Users\Lynn\AppData\Roaming\lowsec folder moved successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.

OTL by OldTimer - Version 3.2.9.1 log created on 08112010_121613

yellowsubmarine
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-08-10
OS OS : Windows 7
Points Points : 23273
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivir :(

Post by Belahzur on 11th August 2010, 1:44 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivir :(

Post by yellowsubmarine on 11th August 2010, 2:23 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/08/2010 15:23:13
mbam-log-2010-08-11 (15-23-13).txt

Scan type: Quick scan
Objects scanned: 132411
Time elapsed: 8 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

yellowsubmarine
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-08-10
OS OS : Windows 7
Points Points : 23273
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivir :(

Post by Belahzur on 11th August 2010, 2:44 pm

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivir :(

Post by yellowsubmarine on 11th August 2010, 2:59 pm

Thanks for telling me about the updates. Here's the new log:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4419

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/08/2010 15:58:10
mbam-log-2010-08-11 (15-58-10).txt

Scan type: Quick scan
Objects scanned: 149187
Time elapsed: 10 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Lynn\AppData\Local\Temp\8.860979546843559E8.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Local\Temp\ogjpeed.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Local\Temp\Qqb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Local\Temp\Qqc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Local\Temp\Qqd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Local\Temp\Qqe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Local\Temp\rxcmnoasew.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Local\Temp\exrmscanow.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.

yellowsubmarine
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-08-10
OS OS : Windows 7
Points Points : 23273
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivir :(

Post by Belahzur on 11th August 2010, 9:20 pm

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivir :(

Post by yellowsubmarine on 11th August 2010, 10:39 pm

Done and done. Msn messenger ran automatically on the reboot but i quickly closed that. Here's the log:

ComboFix 10-08-11.04 - Lynn 11/08/2010 23:24:07.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3582.2266 [GMT 1:00]
Running from: c:\users\Lynn\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Lynn\AppData\Roaming\Gioq\ifiku.exe
c:\users\Lynn\AppData\Roaming\Igxya\wanoa.exe

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_osppsvc


((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.

2010-08-11 22:30 . 2010-08-11 22:30 -------- d-----w- C:\Device
2010-08-11 22:29 . 2010-08-11 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-11 11:16 . 2010-08-11 11:16 -------- d-----w- C:\_OTL
2010-08-11 02:52 . 2010-08-11 02:52 -------- d-----w- C:\$AVG
2010-08-11 01:47 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-08-10 22:09 . 2010-08-10 22:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-10 22:09 . 2010-08-10 22:09 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-10 22:09 . 2010-08-10 22:09 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-10 22:09 . 2010-08-10 22:09 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-10 22:09 . 2010-08-11 22:14 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-10 22:09 . 2010-08-10 22:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-10 22:07 . 2010-08-10 22:09 -------- d-----w- c:\programdata\avg9
2010-08-10 22:07 . 2010-08-10 22:07 -------- d-----w- c:\programdata\avg8
2010-08-10 22:04 . 2010-08-10 22:07 -------- d-----w- c:\program files\AVG
2010-08-10 19:43 . 2010-08-10 21:04 -------- d-----w- c:\program files\Spyware Doctor
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\users\Lynn\AppData\Roaming\Malwarebytes
2010-08-10 15:52 . 2010-08-10 15:52 -------- d-----w- c:\users\Lynn\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2010-08-10 15:45 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-10 15:45 . 2010-08-10 15:45 -------- d-----w- c:\programdata\Malwarebytes
2010-08-10 15:45 . 2010-08-10 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 15:45 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-10 15:39 . 2010-08-10 15:39 2848 ----a-w- c:\users\Lynn\AppData\Local\ukizoxufap.dll
2010-07-27 14:00 . 2010-08-11 18:11 -------- d-----w- c:\programdata\Trymedia
2010-07-27 13:54 . 2010-08-07 17:46 -------- d-----w- c:\program files\RealArcade
2010-07-27 13:41 . 2010-08-11 01:53 -------- d-----w- c:\users\Mcx1-LYNN-TOSH.Lynn-TOSH
2010-07-22 17:01 . 2010-07-22 17:01 -------- d-----w- c:\program files\iPod
2010-07-22 16:56 . 2010-07-22 16:56 -------- d-----w- c:\programdata\TOSHIBA Tempro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 12:44 . 2009-09-04 09:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-11 12:44 . 2009-09-04 09:32 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-08-11 11:46 . 2010-02-26 19:03 -------- d-----w- c:\users\Lynn\AppData\Roaming\Yzbig
2010-08-11 11:46 . 2010-03-21 15:30 -------- d-----w- c:\users\Lynn\AppData\Roaming\Edhugi
2010-08-11 11:42 . 2010-01-20 13:44 110816 ----a-w- c:\users\Lynn\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-11 11:35 . 2010-01-22 10:21 -------- d-----w- c:\users\Lynn\AppData\Roaming\Research In Motion
2010-08-11 11:30 . 2010-01-22 10:19 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-08-11 11:29 . 2010-03-01 15:58 -------- d-----w- c:\programdata\Roxio
2010-08-11 11:29 . 2009-09-04 09:16 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-11 11:26 . 2010-01-22 10:19 -------- d-----w- c:\program files\Research In Motion
2010-08-11 11:26 . 2010-01-22 10:19 -------- d-----w- c:\programdata\Research In Motion
2010-08-11 11:16 . 2010-06-07 05:17 -------- d-----w- c:\users\Lynn\AppData\Roaming\Gioq
2010-08-11 11:16 . 2010-02-17 05:31 -------- d-----w- c:\users\Lynn\AppData\Roaming\Igxya
2010-08-11 11:13 . 2010-08-11 11:12 102135128 ----a-w- c:\users\Lynn\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\Extractor.exe
2010-08-11 01:54 . 2009-09-04 09:39 -------- d-----w- c:\program files\Microsoft Works
2010-08-10 20:51 . 2010-01-27 17:54 -------- d-----w- c:\program files\SharpReader
2010-08-10 18:28 . 2010-01-20 17:38 -------- d-----w- c:\programdata\Electronic Arts
2010-08-10 18:08 . 2010-01-20 17:19 -------- d-----w- c:\program files\Electronic Arts
2010-08-10 18:08 . 2009-09-04 09:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-10 15:36 . 2009-07-14 00:59 0 ----a-w- c:\windows\system32\drivers\brfiltlo.sys
2010-08-10 15:36 . 2009-07-13 22:02 782336 ----a-w- c:\windows\system32\drivers\b57nd60x.sys
2010-08-10 15:29 . 2010-01-20 21:21 -------- d-----w- c:\users\Lynn\AppData\Roaming\BitTorrent
2010-08-06 22:36 . 2010-04-11 15:08 -------- d-----w- c:\users\Lynn\AppData\Roaming\Skype
2010-08-06 17:20 . 2010-04-11 15:09 -------- d-----w- c:\users\Lynn\AppData\Roaming\skypePM
2010-08-03 20:38 . 2010-08-03 20:38 1821192 ----a-w- c:\users\Lynn\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\vcredist_x86.exe
2010-08-03 20:38 . 2010-08-03 20:38 400728 ----a-w- c:\users\Lynn\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\BBDesktopInstaller.exe
2010-08-03 20:38 . 2010-08-03 20:38 2959376 ----a-w- c:\users\Lynn\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\dotnetfx35setup.exe
2010-08-03 20:38 . 2010-08-03 20:38 128472 ----a-w- c:\users\Lynn\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\Helper.exe
2010-07-29 06:30 . 2010-08-11 01:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 01:49 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 13:39 . 2010-06-12 21:20 -------- d-----w- c:\users\Lynn\AppData\Roaming\BitZipper
2010-07-22 21:55 . 2009-09-04 09:36 -------- d-----w- c:\program files\TOSHIBA Games
2010-07-22 21:51 . 2010-01-21 11:45 -------- d-----w- c:\users\Lynn\AppData\Roaming\PlayFirst
2010-07-22 21:45 . 2010-01-25 20:26 2288240 ----a-w- c:\programdata\WildTangent\TOSHIBA Game Console\Downloads\en\Installers\SetupGamesClient.exe
2010-07-22 17:03 . 2010-06-18 18:05 -------- d-----w- c:\program files\iTunes
2010-07-22 17:01 . 2010-01-20 15:03 -------- d-----w- c:\program files\Common Files\Apple
2010-07-22 16:57 . 2010-07-22 16:57 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-22 16:56 . 2009-09-04 09:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-22 16:55 . 2009-09-04 09:34 -------- d-----w- c:\program files\Toshiba TEMPRO
2010-07-22 16:28 . 2010-04-29 17:38 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-07-22 16:28 . 2010-05-20 09:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-07-22 16:27 . 2010-04-29 17:37 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-07-08 13:49 . 2009-09-04 09:44 -------- d-----w- c:\program files\Windows Live
2010-07-06 00:34 . 2010-02-11 00:40 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-07-06 00:34 . 2010-05-19 10:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-07-02 17:29 . 2010-07-02 17:29 -------- d-----w- c:\users\Guest\AppData\Roaming\Research In Motion
2010-07-01 15:39 . 2010-07-01 15:39 -------- d-----w- c:\users\Guest\AppData\Roaming\Toshiba
2010-07-01 15:24 . 2010-07-01 15:24 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2010-07-01 15:24 . 2010-07-01 15:24 126264 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-01 15:24 . 2010-07-01 15:24 -------- d-----w- c:\users\Guest\AppData\Roaming\ATI
2010-06-30 06:25 . 2010-08-11 01:49 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-27 13:42 . 2010-01-20 14:42 -------- d-----w- c:\program files\Microsoft.NET
2010-06-27 13:27 . 2010-06-27 13:27 53248 ----a-r- c:\users\Lynn\AppData\Roaming\Microsoft\Installer\{B2F3FB19-D848-479C-818E-130ABC9366DB}\ARPPRODUCTICON.exe
2010-06-25 10:58 . 2010-07-01 15:24 53632 ----a-w- c:\users\Guest\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-06-25 10:58 . 2010-06-25 10:59 53632 ----a-w- c:\users\Lynn\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-06-22 02:47 . 2010-08-11 01:49 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 01:49 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 01:49 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-21 23:21 . 2010-01-22 10:21 256 ----a-w- c:\windows\system32\pool.bin
2010-06-21 23:20 . 2010-06-21 23:20 26694 ----a-r- c:\users\Lynn\AppData\Roaming\Microsoft\Installer\{3C9D88A7-D9A4-4CBD-82A5-1AF84A8596B5}\BlackBerry.exe
2010-06-21 22:50 . 2010-06-21 22:50 26694 ----a-r- c:\users\Lynn\AppData\Roaming\Microsoft\Installer\{433540D0-73A8-4D8F-B8DF-F4AFB0D0848C}\BlackBerry.exe
2010-06-19 06:33 . 2010-08-11 01:49 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 01:49 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 01:49 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 18:02 . 2010-06-18 18:02 -------- d-----w- c:\program files\Bonjour
2010-06-16 05:48 . 2010-08-11 01:49 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-15 12:15 . 2010-06-15 12:15 -------- d-----w- c:\programdata\FileCure
2010-06-14 06:12 . 2010-08-11 01:49 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-08 06:02 . 2010-08-11 01:49 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 00:36 . 2010-02-11 00:40 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-01 17:37 . 2010-01-20 15:13 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 07:24 . 2010-06-11 14:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 14:40 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-19 19:00 . 2010-06-08 17:56 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC1E2.tmp.exe
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 21:12 556432 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 611672]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 480608]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-11-10 738616]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-10 2065760]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup
backupExtension=.CommonStartup

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-08-10 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-10 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-10 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-10 308136]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-11-05 376832]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:6522
Trusted Zone: o2.co.uk\*.broadband
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: CabBuilder - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\8l7apuae.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\components\FFGlobalExtension.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{248A609D-44EE-5DD2-FE36-B028DE7F50B1} - c:\users\Lynn\AppData\Roaming\Gioq\ifiku.exe
HKCU-Run-{BC75DF2E-3625-47B5-6251-15193FCBFEA4} - c:\users\Lynn\AppData\Roaming\Igxya\wanoa.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-bfxuktpf - c:\users\Lynn\AppData\Local\yipvxpbqu\agtpuiatssd.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-Hpuye - c:\users\Lynn\AppData\Local\DGMEndt.dll
MSConfigStartUp-lwvobboe - c:\users\Lynn\AppData\Local\iljwdwjfs\qenuocstssd.exe
MSConfigStartUp-userinit - c:\users\Lynn\AppData\Roaming\sdra64.exe
MSConfigStartUp-{248A609D-44EE-5DD2-FE36-B028DE7F50B1} - c:\users\Lynn\AppData\Roaming\Gioq\ifiku.exe
MSConfigStartUp-{BC75DF2E-3625-47B5-6251-15193FCBFEA4} - c:\users\Lynn\AppData\Roaming\Igxya\wanoa.exe
AddRemove-Hotel Dash Suite Success_is1 - c:\program files\Hotel Dash Suite Success\ReflexiveArcade\unins000.exe
AddRemove-{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B} - c:\program files\Amazon\UninstallerAmazon.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-08-11 23:36:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-11 22:36

Pre-Run: 16,541,470,720 bytes free
Post-Run: 17,818,750,976 bytes free

- - End Of File - - E3E322CCD9E4E4DF0334754A6502F3F0

yellowsubmarine
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-08-10
OS OS : Windows 7
Points Points : 23273
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivir :(

Post by Belahzur on 13th August 2010, 12:06 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\users\Lynn\AppData\Local\ukizoxufap.dll

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:6522

    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivir :(

Post by yellowsubmarine on 13th August 2010, 10:42 am

Hey Belahzur,

Here is the latest log:

ComboFix 10-08-12.03 - Lynn 13/08/2010 11:21:54.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3582.2410 [GMT 1:00]
Running from: c:\users\Lynn\Downloads\ComboFix.exe
Command switches used :: c:\users\Lynn\Downloads\CFScript.txt
* Created a new restore point

FILE ::
"c:\users\Lynn\AppData\Local\ukizoxufap.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Lynn\AppData\Local\ukizoxufap.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-13 10:31 . 2010-08-13 10:31 -------- d-----w- c:\users\Lynn\AppData\Local\temp
2010-08-13 10:31 . 2010-08-13 10:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-13 10:31 . 2010-08-13 10:31 -------- d-----w- c:\users\Mcx1-LYNN-TOSH.Lynn-TOSH\AppData\Local\temp
2010-08-13 10:31 . 2010-08-13 10:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-13 10:18 . 2010-08-13 10:18 -------- d-----w- C:\32788R22FWJFW
2010-08-13 10:13 . 2010-08-13 10:13 -------- d-----w- c:\users\Lynn\AppData\Roaming\AVG9
2010-08-11 22:30 . 2010-08-11 22:30 -------- d-----w- C:\Device
2010-08-11 11:16 . 2010-08-11 11:16 -------- d-----w- C:\_OTL
2010-08-11 11:12 . 2010-08-11 11:13 102135128 ----a-w- c:\users\Lynn\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\Extractor.exe
2010-08-11 02:52 . 2010-08-11 02:52 -------- d-----w- C:\$AVG
2010-08-11 01:47 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-08-10 22:09 . 2010-08-10 22:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-10 22:09 . 2010-08-10 22:09 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-10 22:09 . 2010-08-10 22:09 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-10 22:09 . 2010-08-10 22:09 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-10 22:09 . 2010-08-13 10:16 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-10 22:09 . 2010-08-10 22:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-10 22:07 . 2010-08-10 22:09 -------- d-----w- c:\programdata\avg9
2010-08-10 22:07 . 2010-08-10 22:07 -------- d-----w- c:\programdata\avg8
2010-08-10 22:04 . 2010-08-10 22:07 -------- d-----w- c:\program files\AVG
2010-08-10 19:43 . 2010-08-10 21:04 -------- d-----w- c:\program files\Spyware Doctor
2010-08-10 16:02 . 2010-08-10 16:02 -------- d-----w- c:\users\Lynn\AppData\Roaming\Malwarebytes
2010-08-10 15:52 . 2010-08-10 15:52 -------- d-----w- c:\users\Lynn\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2010-08-10 15:45 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-10 15:45 . 2010-08-10 15:45 -------- d-----w- c:\programdata\Malwarebytes
2010-08-10 15:45 . 2010-08-10 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 15:45 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 20:38 . 2010-08-03 20:38 1821192 ----a-w- c:\users\Lynn\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\vcredist_x86.exe
2010-08-03 20:38 . 2010-08-03 20:38 400728 ----a-w- c:\users\Lynn\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\BBDesktopInstaller.exe
2010-08-03 20:38 . 2010-08-03 20:38 2959376 ----a-w- c:\users\Lynn\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\dotnetfx35setup.exe
2010-08-03 20:38 . 2010-08-03 20:38 128472 ----a-w- c:\users\Lynn\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\Helper.exe
2010-07-27 14:00 . 2010-08-11 18:11 -------- d-----w- c:\programdata\Trymedia
2010-07-27 13:54 . 2010-08-07 17:46 -------- d-----w- c:\program files\RealArcade
2010-07-27 13:41 . 2010-08-11 22:36 -------- d-----w- c:\users\Mcx1-LYNN-TOSH.Lynn-TOSH
2010-07-22 17:01 . 2010-07-22 17:01 -------- d-----w- c:\program files\iPod
2010-07-22 16:57 . 2010-07-22 16:57 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-22 16:56 . 2010-07-22 16:56 -------- d-----w- c:\programdata\TOSHIBA Tempro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 12:44 . 2009-09-04 09:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-11 12:44 . 2009-09-04 09:32 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-08-11 11:46 . 2010-02-26 19:03 -------- d-----w- c:\users\Lynn\AppData\Roaming\Yzbig
2010-08-11 11:46 . 2010-03-21 15:30 -------- d-----w- c:\users\Lynn\AppData\Roaming\Edhugi
2010-08-11 11:42 . 2010-01-20 13:44 110816 ----a-w- c:\users\Lynn\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-11 11:35 . 2010-01-22 10:21 -------- d-----w- c:\users\Lynn\AppData\Roaming\Research In Motion
2010-08-11 11:30 . 2010-01-22 10:19 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-08-11 11:29 . 2010-03-01 15:58 -------- d-----w- c:\programdata\Roxio
2010-08-11 11:29 . 2009-09-04 09:16 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-11 11:26 . 2010-01-22 10:19 -------- d-----w- c:\program files\Research In Motion
2010-08-11 11:26 . 2010-01-22 10:19 -------- d-----w- c:\programdata\Research In Motion
2010-08-11 11:16 . 2010-06-07 05:17 -------- d-----w- c:\users\Lynn\AppData\Roaming\Gioq
2010-08-11 11:16 . 2010-02-17 05:31 -------- d-----w- c:\users\Lynn\AppData\Roaming\Igxya
2010-08-11 01:54 . 2009-09-04 09:39 -------- d-----w- c:\program files\Microsoft Works
2010-08-10 20:51 . 2010-01-27 17:54 -------- d-----w- c:\program files\SharpReader
2010-08-10 18:28 . 2010-01-20 17:38 -------- d-----w- c:\programdata\Electronic Arts
2010-08-10 18:08 . 2010-01-20 17:19 -------- d-----w- c:\program files\Electronic Arts
2010-08-10 18:08 . 2009-09-04 09:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-10 15:36 . 2009-07-14 00:59 0 ----a-w- c:\windows\system32\drivers\brfiltlo.sys
2010-08-10 15:36 . 2009-07-13 22:02 782336 ----a-w- c:\windows\system32\drivers\b57nd60x.sys
2010-08-10 15:29 . 2010-01-20 21:21 -------- d-----w- c:\users\Lynn\AppData\Roaming\BitTorrent
2010-08-06 22:36 . 2010-04-11 15:08 -------- d-----w- c:\users\Lynn\AppData\Roaming\Skype
2010-08-06 17:20 . 2010-04-11 15:09 -------- d-----w- c:\users\Lynn\AppData\Roaming\skypePM
2010-07-29 06:30 . 2010-08-11 01:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 01:49 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 13:39 . 2010-06-12 21:20 -------- d-----w- c:\users\Lynn\AppData\Roaming\BitZipper
2010-07-22 21:55 . 2009-09-04 09:36 -------- d-----w- c:\program files\TOSHIBA Games
2010-07-22 21:51 . 2010-01-21 11:45 -------- d-----w- c:\users\Lynn\AppData\Roaming\PlayFirst
2010-07-22 21:45 . 2010-01-25 20:26 2288240 ----a-w- c:\programdata\WildTangent\TOSHIBA Game Console\Downloads\en\Installers\SetupGamesClient.exe
2010-07-22 17:03 . 2010-06-18 18:05 -------- d-----w- c:\program files\iTunes
2010-07-22 17:01 . 2010-01-20 15:03 -------- d-----w- c:\program files\Common Files\Apple
2010-07-22 16:56 . 2009-09-04 09:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-22 16:55 . 2009-09-04 09:34 -------- d-----w- c:\program files\Toshiba TEMPRO
2010-07-22 16:28 . 2010-04-29 17:38 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-07-22 16:28 . 2010-05-20 09:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-07-22 16:27 . 2010-04-29 17:37 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-07-08 13:49 . 2009-09-04 09:44 -------- d-----w- c:\program files\Windows Live
2010-07-06 00:34 . 2010-02-11 00:40 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-07-06 00:34 . 2010-05-19 10:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-07-02 17:29 . 2010-07-02 17:29 -------- d-----w- c:\users\Guest\AppData\Roaming\Research In Motion
2010-07-01 15:39 . 2010-07-01 15:39 -------- d-----w- c:\users\Guest\AppData\Roaming\Toshiba
2010-07-01 15:24 . 2010-07-01 15:24 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2010-07-01 15:24 . 2010-07-01 15:24 126264 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-01 15:24 . 2010-07-01 15:24 -------- d-----w- c:\users\Guest\AppData\Roaming\ATI
2010-06-30 06:25 . 2010-08-11 01:49 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-27 13:42 . 2010-01-20 14:42 -------- d-----w- c:\program files\Microsoft.NET
2010-06-27 13:27 . 2010-06-27 13:27 53248 ----a-r- c:\users\Lynn\AppData\Roaming\Microsoft\Installer\{B2F3FB19-D848-479C-818E-130ABC9366DB}\ARPPRODUCTICON.exe
2010-06-25 10:58 . 2010-07-01 15:24 53632 ----a-w- c:\users\Guest\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-06-25 10:58 . 2010-06-25 10:59 53632 ----a-w- c:\users\Lynn\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-06-22 02:47 . 2010-08-11 01:49 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 01:49 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 01:49 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-21 23:21 . 2010-01-22 10:21 256 ----a-w- c:\windows\system32\pool.bin
2010-06-21 23:20 . 2010-06-21 23:20 26694 ----a-r- c:\users\Lynn\AppData\Roaming\Microsoft\Installer\{3C9D88A7-D9A4-4CBD-82A5-1AF84A8596B5}\BlackBerry.exe
2010-06-21 22:50 . 2010-06-21 22:50 26694 ----a-r- c:\users\Lynn\AppData\Roaming\Microsoft\Installer\{433540D0-73A8-4D8F-B8DF-F4AFB0D0848C}\BlackBerry.exe
2010-06-19 06:33 . 2010-08-11 01:49 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 01:49 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 01:49 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 18:02 . 2010-06-18 18:02 -------- d-----w- c:\program files\Bonjour
2010-06-16 05:48 . 2010-08-11 01:49 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-15 12:15 . 2010-06-15 12:15 -------- d-----w- c:\programdata\FileCure
2010-06-14 06:12 . 2010-08-11 01:49 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-08 06:02 . 2010-08-11 01:49 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 00:36 . 2010-02-11 00:40 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-01 17:37 . 2010-01-20 15:13 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 07:24 . 2010-06-11 14:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 14:40 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-19 19:00 . 2010-06-08 17:56 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC1E2.tmp.exe
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 21:12 556432 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 611672]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 480608]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-11-10 738616]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-10 2065760]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup
backupExtension=.CommonStartup

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-08-10 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-10 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-10 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-10 308136]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-11-05 376832]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
Trusted Zone: o2.co.uk\*.broadband
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: CabBuilder - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\8l7apuae.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\components\FFGlobalExtension.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
Completion time: 2010-08-13 11:39:30
ComboFix-quarantined-files.txt 2010-08-13 10:39
ComboFix2.txt 2010-08-11 22:36

Pre-Run: 17,917,956,096 bytes free
Post-Run: 17,895,112,704 bytes free

- - End Of File - - 147D9273F93AFB838E6B538B2BD229A6

yellowsubmarine
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-08-10
OS OS : Windows 7
Points Points : 23273
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivir :(

Post by Belahzur on 13th August 2010, 9:35 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivir :(

Post by yellowsubmarine on 13th August 2010, 11:19 pm

Hey Belahzur.

Not sure if the scan went well, but i think this is the right log.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=58dc3980f637db42aafeafa3072095e3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-13 11:09:01
# local_time=2010-08-14 12:09:01 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1029 16777213 100 90 43635 260111 0 0
# compatibility_mode=5893 16776574 66 85 34190844 34204644 0 0
# compatibility_mode=8192 67108863 100 0 96 96 0 0
# scanned=142394
# found=4
# cleaned=4
# scan_time=2687
C:\_OTL\MovedFiles\08112010_121613\C_Users\Lynn\AppData\Local\iljwdwjfs\qenuocstssd.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08112010_121613\C_Users\Lynn\AppData\Local\yipvxpbqu\agtpuiatssd.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08112010_121613\C_Users\Lynn\AppData\Roaming\Gioq\ifiku.exe a variant of Win32/Kryptik.FXQ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08112010_121613\C_Users\Lynn\AppData\Roaming\Igxya\wanoa.exe a variant of Win32/Kryptik.FXX trojan (deleted - quarantined) 00000000000000000000000000000000 C

yellowsubmarine
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-08-10
OS OS : Windows 7
Points Points : 23273
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivir :(

Post by Belahzur on 14th August 2010, 3:26 pm

Hello.

I see that you are running BitTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BitTorrent
    Java(TM) 6 Update 14

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe that you downloaded to install the newest version.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivir :(

Post by yellowsubmarine on 14th August 2010, 4:28 pm

Hello,

I've removed the programs, but it won't let me install the JRE. The site keeps telling me to contact customer service every time I click continue after picking which platform I'm using.

Besides that, the machine is running perfectly. I can't thank you enough for your help. Thought I was gonna lose control of my laptop Smile

yellowsubmarine
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-08-10
OS OS : Windows 7
Points Points : 23273
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum