BleepingComputer.com: Keep gettin pop-ups, goolgle redirects and BSOD with message, "IRQL_NOT_LESS_OR_EQUAL".

A few months ago, I was browsing the internet on seemingly respectable sites when all of a sudden my computer flashed a blue screen at me with the message IRQL_NOT_LESS_OR_EQUAL. I've tried to find out how to get rid of the problem, but all it has left me with is more stress! Evertime I try to click on a google search result, it either pops up a porn site/ serial search engine or redirects me to something else entirely! I've tried using a registry cleaner,(don't know if that does anything! ) Anti-malware bytes and Microsoft Security Essentials, but they all say nothing's wrong! I'm on my last legs here, as it's changing my Microsoft Office documents into some other file type called a DOCX file, and even though it isn't affecting it, it is terribly irritating! Can anyone help me?

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Sarah at 17:27:55.88 on 14/05/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.1014 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
D:\Other\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.tofugu.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mStart Page = hxxp://yeppo.net
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TBSB05541 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\veehd plugin\tbunsxdad.tmp\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Veehd Plugin: {32ea9cd0-5187-4fe3-b989-b4d1408d2802} - c:\program files\veehd plugin\tbunsxdad.tmp\tbcore3.dll
uRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaReminder.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
StartupFolder: c:\users\sarah\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.164.142,93.188.160.82
TCP: {9B8B426B-4319-455B-86C5-F6B856E40456} = 93.188.164.142,93.188.160.82
TCP: 35B4954393438323 = 93.188.164.142,93.188.160.82
TCP: 4516C6B64516C6B6A656236683 = 93.188.164.142,93.188.160.82
TCP: {DBB8C238-1AE5-478E-A21A-A0CEEF094FAE} = 93.188.164.142,93.188.160.82
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsld1cfba76;MpKsld1cfba76;c:\programdata\microsoft\microsoft antimalware\definition updates\{07859454-e5f9-4e09-84e1-ad5f4fb028a8}\MpKsld1cfba76.sys [2011-5-14 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-7 62832]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-9-4 7680]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2011-1-15 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-4 187392]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2011-1-15 376320]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-1-15 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S1 MpKsl406eb0c9;MpKsl406eb0c9;c:\programdata\microsoft\microsoft antimalware\definition updates\{07859454-e5f9-4e09-84e1-ad5f4fb028a8}\MpKsl406eb0c9.sys [2011-4-9 28752]
S1 MpKslb5e2588b;MpKslb5e2588b;c:\programdata\microsoft\microsoft antimalware\definition updates\{07859454-e5f9-4e09-84e1-ad5f4fb028a8}\MpKslb5e2588b.sys [2011-5-5 28752]
S1 MpKslc908b192;MpKslc908b192;c:\programdata\microsoft\microsoft antimalware\definition updates\{07859454-e5f9-4e09-84e1-ad5f4fb028a8}\MpKslc908b192.sys [2011-3-26 28752]
S1 MpKsld97010ed;MpKsld97010ed;c:\programdata\microsoft\microsoft antimalware\definition updates\{07859454-e5f9-4e09-84e1-ad5f4fb028a8}\MpKsld97010ed.sys [2011-4-30 28752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-15 135664]
S2 iproty;Windows Autenthification Service;c:\windows\system32\iproty.exe [2011-3-21 18944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-15 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-6 52224]
.
=============== Created Last 30 ================
.
2011-05-14 16:11:06 -------- d-----w- c:\program files\NoVirusThanks
2011-05-14 09:22:05 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{07859454-e5f9-4e09-84e1-ad5f4fb028a8}\MpKsld1cfba76.sys
2011-05-14 00:23:35 0 ---ha-w- c:\users\sarah\appdata\local\BIT30D.tmp
2011-05-13 21:17:12 -------- d-----w- c:\users\sarah\appdata\local\DDMSettings
2011-05-13 21:01:32 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-05-13 21:00:54 -------- d-----w- c:\program files\common files\DivX Shared
2011-05-13 20:50:41 -------- d-----w- c:\program files\DivX
2011-05-13 20:48:38 -------- d-----w- c:\progra~2\DivX
2011-05-13 20:47:16 -------- d-----w- c:\program files\Veehd Plugin
2011-05-07 19:11:35 -------- d-----w- c:\progra~2\Electronic Arts
2011-05-07 18:57:54 -------- d-----w- c:\program files\Microsoft WSE
2011-05-07 18:57:36 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-05-05 18:06:18 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{07859454-e5f9-4e09-84e1-ad5f4fb028a8}\MpKslb5e2588b.sys
2011-05-01 19:29:02 -------- d-----w- c:\progra~2\TorrentEasy
2011-05-01 14:18:14 -------- dc-h--w- c:\progra~2\{672F14F5-C808-4E08-A382-53913643258A}
2011-05-01 14:17:59 -------- d-----w- c:\users\sarah\appdata\local\PackageAware
2011-04-30 20:16:45 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{07859454-e5f9-4e09-84e1-ad5f4fb028a8}\MpKsld97010ed.sys
2011-04-26 12:10:44 -------- d-----w- c:\users\sarah\appdata\roaming\Synthesia
2011-04-26 12:09:50 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-04-26 12:09:22 -------- d-----w- c:\program files\Synthesia
2011-04-24 23:23:55 -------- d-----w- c:\program files\iPod
2011-04-24 23:23:54 -------- d-----w- c:\program files\iTunes
2011-04-24 23:21:53 -------- d-----w- c:\program files\Bonjour
2011-04-20 21:22:39 -------- d-----w- c:\users\sarah\appdata\roaming\Philipp Winterberg
2011-04-20 21:22:33 -------- d-----w- c:\program files\Free RAR Extract Frog
2011-04-18 19:37:50 -------- d-----w- c:\users\sarah\appdata\local\Graboid_Inc
2011-04-18 19:37:50 -------- d-----w- c:\users\sarah\appdata\local\Graboid
2011-04-18 19:37:49 -------- d-----w- c:\users\sarah\appdata\local\Geckofx
2011-04-18 19:37:02 -------- d-----w- c:\program files\VideoLAN
2011-04-18 19:36:45 -------- d-----w- c:\program files\Graboid
.
==================== Find3M ====================
.
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-26 13:39:02 249856 ------w- c:\windows\Setup1.exe
2011-03-26 13:39:00 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-21 21:48:22 18944 ----a-w- c:\windows\system32\iproty.exe
2011-03-07 22:46:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-06 15:13:39 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: TOSHIBA_ rev.FG00 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868FA555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x869007b0]; MOV EAX, [0x8690082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82E3A52F] -> \Device\Harddisk0\DR0[0x868D6030]
3 CLASSPNP[0x88E0459E] -> ntkrnlpa!IofCallDriver[0x82E3A52F] -> [0x86ADE400]
\Driver\iaStor[0x86908E10] -> IRP_MJ_CREATE -> 0x868FA555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskTOSHIBA_MK2555GSX_______________________FG001M__#4&3637fc5f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 17:29:22.82 ===============

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  
  
• Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  
  
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  
  
• In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  
  
• If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  
  
• Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  
  
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  
  
• I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
  Because of this, you must reply within three days failure to reply will result in the topic being closed!
  
  
• Please do not PM me directly for help. If you have any questions, post them in this topic.
  
  
• Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
  Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

• Double-click on RKUnhookerLE.exe to start the program.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• Click the Report tab, then click Scan.
  
• Check Drivers, Stealth Code, and uncheck the rest.
  
• Click OK.
  
• Wait until it's finished and then go to File > Save Report.
  
• Save the report to your Desktop.
  
• Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report

• Please download OTL from here:
  
  • Main Mirror
  
  
• Save it to your desktop.
  
• Double click on the icon on your desktop.
  
• Click the "Scan All Users" checkbox.
  
• Change the "Extra Registry" option to "SafeList"
  
• Push the button.
  
• Two reports will open, copy and paste them in a reply here:
  
  • OTL.txt <-- Will be opened
    
  • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

First of all; this is the RKU report.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F21D000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6451200 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82E06000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82E06000 PnpManager 4268032 bytes
0x82E06000 RAW 4268032 bytes
0x82E06000 WMIxWDM 4268032 bytes
0x91430000 C:\Windows\system32\drivers\RTKVHDA.sys 2736128 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x91E20000 Win32k 2408448 bytes
0x91E20000 C:\Windows\System32\win32k.sys 2408448 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x89028000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x88C14000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x90819000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8D80E000 C:\Windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x88A2F000 C:\Windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8F844000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88E1A000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x9091B000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x83510000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x98890000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x89F4C000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83430000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x83614000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xABEA2000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x89E24000 C:\Windows\system32\DRIVERS\RTL8187B.sys 413696 bytes (Realtek Semiconductor Corporation , Realtek RTL8187B NDIS Driver)
0x88D81000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x88B8D000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xABE19000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x98967000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8F93F000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83755000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83693000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x88F34000 C:\Windows\system32\DRIVERS\tos_sps32.sys 290816 bytes (TOSHIBA Corporation, tos_sps32)
0x89EE3000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8ED80000 C:\Windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x834CE000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x835BB000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x91751000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
0x891A3000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x88ED1000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x91714000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x9881E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8F8FB000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83218000 ACPI_HAL 225280 bytes
0x83218000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88B48000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8ED3E000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8EC4A000 C:\Windows\system32\DRIVERS\SynTP.sys 208896 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x88FA8000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x837CB000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x89172000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8F9B8000 C:\Windows\system32\DRIVERS\Rt86win7.sys 200704 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x916CC000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88F7B000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x88D43000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x836EC000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8D919000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xABE6A000 C:\Windows\System32\drivers\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x88FDA000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x88F0F000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x917A8000 C:\Windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x88B12000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x89E00000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8ECD6000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x98931000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8EC0B000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8D95A000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8D8FA000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8F999000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x88A00000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x920B0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x89E9E000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x98859000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x89EB9000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x89FD1000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x916FB000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x83400000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8F200000 C:\Windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8ECB3000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8ECF8000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8ED10000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8ED27000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8D9B9000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x91791000 C:\Windows\system32\drivers\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x837A0000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x88D6E000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x89F39000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x88E00000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8ECA1000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8EC34000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x89FEA000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x89008000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x90800000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x88B7C000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8EDC4000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83721000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x834B5000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x88C00000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8D9E3000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x89ED3000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x891EF000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x89F29000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x83745000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8F98A000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x83600000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8D800000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D9AB000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x837BD000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x88DDE000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8ED72000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x83685000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8EC94000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x909E7000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F9E9000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x909D0000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8EC7D000 C:\Windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x98952000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D97B000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x88A1F000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0xABE96000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 49152 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
0x8D9D0000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x8D94E000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8373A000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x89E93000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8D9A0000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8ECCB000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8F934000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x83716000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x909DD000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x88B35000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x88DF5000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8D9F4000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x98927000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8EC8A000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.)
0x89E89000 C:\Windows\System32\drivers\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x88B3F000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x88B09000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x88DEC000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xABF15000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x92080000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x836DB000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x834C6000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x83732000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8EC2C000 C:\Windows\system32\DRIVERS\FwLnk.sys 32768 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
0x89000000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x836E4000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8D988000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D990000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8D998000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x891E7000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9895F000 C:\Windows\system32\DRIVERS\XAudio32.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8D947000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8D940000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x837B6000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8D9DC000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8F9F8000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x88BF9000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl2a09b02c.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xABE90000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl6b81e037.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x88BED000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl6e94b0c3.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x88E13000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsle5b459bb.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x90811000 C:\Windows\system32\DRIVERS\pgeffect.sys 24576 bytes (TOSHIBA Corporation, TOSHIBA Universal Camera Filter Driver)
0x891E2000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8EC46000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9888C000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x86B3E000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8F9FE000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8F9F6000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x046D0000 Hidden Image-->PCHealthInfo.dll [ EPROCESS 0x8830DAB8 ] PID: 3392, 110592 bytes
0x046F0000 Hidden Image-->SwUpdates.dll [ EPROCESS 0x8830DAB8 ] PID: 3392, 126976 bytes
0x08590000 Hidden Image-->Microsoft.mshtml.dll [ EPROCESS 0x8830DAB8 ] PID: 3392, 8015872 bytes
0x03F50000 Hidden Image-->Alerts.dll [ EPROCESS 0x8830DAB8 ] PID: 3392, 94208 bytes


And then these are the OTL reports.

OTL logfile created on: 5/18/2011 7:56:18 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sarah\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 85.95 Gb Free Space | 73.91% Space Free | Partition Type: NTFS
Drive D: | 116.21 Gb Total Space | 97.14 Gb Free Space | 83.60% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SARAH-TOSH | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/18 19:55:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
PRC - [2011/05/17 20:10:55 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/20 05:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/11 13:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/08/17 11:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/13 13:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2009/08/12 11:30:42 | 006,203,296 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2009/08/11 12:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/06 15:02:02 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/08/05 15:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 15:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2009/08/05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2009/08/03 18:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 18:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/13 16:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009/07/07 10:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\RSelect\RSelSvc.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2011/05/18 19:55:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
MOD - [2010/11/20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/21 22:48:22 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\iproty.exe -- (iproty)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 15:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 18:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/07 10:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/04/29 12:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/18 19:47:41 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl6b81e037.sys -- (MpKsl6b81e037)
DRV - [2011/05/18 19:45:09 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl2a09b02c.sys -- (MpKsl2a09b02c)
DRV - [2011/05/18 19:43:02 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsle5b459bb.sys -- (MpKsle5b459bb)
DRV - [2011/05/18 19:40:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl6e94b0c3.sys -- (MpKsl6e94b0c3)
DRV - [2011/05/05 19:06:18 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslb5e2588b.sys -- (MpKslb5e2588b)
DRV - [2011/04/30 21:16:45 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsld97010ed.sys -- (MpKsld97010ed)
DRV - [2011/04/09 20:12:23 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl406eb0c9.sys -- (MpKsl406eb0c9)
DRV - [2011/03/26 11:43:04 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslc908b192.sys -- (MpKslc908b192)
DRV - [2010/11/20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/08/13 09:37:00 | 000,376,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/07/30 17:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/24 16:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/07 08:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\FwLnk.sys -- (FwLnk)
DRV - [2009/06/24 18:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/06/22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/04/29 12:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2006/04/10 06:02:18 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yeppo.net


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2011/01/15 07:38:37 | 000,001,093 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O1 - Hosts: 127.0.0.1 coo0lnet.net
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (TBSB05541 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Veehd Plugin) - {32EA9CD0-5187-4FE3-B989-B4D1408D2802} - C:\Program Files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001\..\Toolbar\WebBrowser: (Veehd Plugin) - {32EA9CD0-5187-4FE3-B989-B4D1408D2802} - C:\Program Files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.142,93.188.160.82
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/22 00:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{a6bec6d4-2072-11e0-8cf7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a6bec6d4-2072-11e0-8cf7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/18 19:55:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2011/05/17 21:42:33 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/05/17 21:37:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/05/17 21:27:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/17 21:26:39 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/05/17 21:26:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/05/17 21:26:39 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/05/17 21:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/05/17 21:24:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Windows Live
[2011/05/17 20:10:55 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/14 17:31:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\gmer
[2011/05/14 17:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\NoVirusThanks
[2011/05/14 01:25:58 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/05/13 22:01:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\DivX
[2011/05/13 22:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/05/13 21:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/05/13 21:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/05/13 21:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Veehd Plugin
[2011/05/08 19:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/05/07 20:13:29 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Electronic Arts
[2011/05/07 20:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/05/07 19:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2011/05/07 19:57:36 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/05/07 19:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2011/05/01 20:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TorrentEasy
[2011/05/01 15:18:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{672F14F5-C808-4E08-A382-53913643258A}
[2011/05/01 15:17:59 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\PackageAware
[2011/04/26 13:10:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Synthesia
[2011/04/26 13:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia
[2011/04/26 13:09:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Synthesia Music
[2011/04/26 13:09:50 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011/04/26 13:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Synthesia
[2011/04/25 00:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/25 00:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/25 00:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/25 00:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/20 22:22:39 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Philipp Winterberg
[2011/04/20 22:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free RAR Extract Frog
[2011/04/20 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog
[2011/04/18 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\vlc
[2011/04/18 20:37:50 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Graboid_Inc
[2011/04/18 20:37:50 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Graboid
[2011/04/18 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Geckofx
[2011/04/18 20:37:48 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Mozilla
[2011/04/18 20:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/04/18 20:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sarah\AppData\Local\*.tmp files -> C:\Users\Sarah\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/18 19:55:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2011/05/18 19:55:12 | 000,016,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 19:55:12 | 000,016,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 19:52:56 | 000,621,742 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/18 19:52:56 | 000,108,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/18 19:52:19 | 000,133,632 | ---- | M] () -- C:\Users\Sarah\Desktop\RKUnhookerLE.EXE
[2011/05/18 19:47:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/18 19:47:59 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/05/18 19:47:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/18 19:47:20 | 236,494,207 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/18 19:47:19 | 1506,795,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/17 23:27:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/17 20:10:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/14 17:22:53 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2011/05/14 01:23:35 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\AppData\Local\{A318411C-33B2-44DD-8A4D-B46BD3F29091}
[2011/05/08 19:31:13 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/05/07 19:57:25 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011/04/30 21:33:47 | 000,001,152 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/04/26 13:10:28 | 000,001,864 | ---- | M] () -- C:\Users\Sarah\Desktop\Play Synthesia.lnk
[2011/04/25 12:10:08 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/04/25 00:25:36 | 000,002,503 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/25 00:24:37 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/24 15:47:05 | 000,000,534 | ---- | M] () -- C:\Windows\System32\tmp.xml
[2011/04/20 22:22:35 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Free RAR Extract Frog.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sarah\AppData\Local\*.tmp files -> C:\Users\Sarah\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/18 19:52:18 | 000,133,632 | ---- | C] () -- C:\Users\Sarah\Desktop\RKUnhookerLE.EXE
[2011/05/17 21:35:43 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/05/17 21:33:51 | 000,001,287 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/05/17 21:31:41 | 000,001,371 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/05/17 21:30:05 | 000,002,399 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/14 17:22:53 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2011/05/14 01:23:19 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\{A318411C-33B2-44DD-8A4D-B46BD3F29091}
[2011/05/08 19:31:13 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/05/07 19:57:25 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011/04/26 13:09:53 | 000,001,864 | ---- | C] () -- C:\Users\Sarah\Desktop\Play Synthesia.lnk
[2011/04/25 00:24:37 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/20 22:22:35 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Free RAR Extract Frog.lnk
[2011/03/21 22:48:21 | 000,018,944 | ---- | C] () -- C:\Windows\System32\iproty.exe
[2011/01/15 07:57:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/09/04 17:55:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/09/04 17:55:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/04 10:23:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/27 08:57:38 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/27 08:57:38 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/27 08:57:38 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/27 08:57:38 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,334,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,621,742 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,108,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

OTL logfile created on: 5/18/2011 7:56:18 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sarah\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 85.95 Gb Free Space | 73.91% Space Free | Partition Type: NTFS
Drive D: | 116.21 Gb Total Space | 97.14 Gb Free Space | 83.60% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SARAH-TOSH | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/18 19:55:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
PRC - [2011/05/17 20:10:55 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/20 05:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/11 13:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/08/17 11:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/13 13:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2009/08/12 11:30:42 | 006,203,296 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2009/08/11 12:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/06 15:02:02 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/08/05 15:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 15:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2009/08/05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2009/08/03 18:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 18:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/13 16:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009/07/07 10:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\RSelect\RSelSvc.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2011/05/18 19:55:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
MOD - [2010/11/20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/21 22:48:22 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\iproty.exe -- (iproty)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 15:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 18:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/07 10:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/04/29 12:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/18 19:47:41 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl6b81e037.sys -- (MpKsl6b81e037)
DRV - [2011/05/18 19:45:09 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl2a09b02c.sys -- (MpKsl2a09b02c)
DRV - [2011/05/18 19:43:02 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsle5b459bb.sys -- (MpKsle5b459bb)
DRV - [2011/05/18 19:40:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl6e94b0c3.sys -- (MpKsl6e94b0c3)
DRV - [2011/05/05 19:06:18 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslb5e2588b.sys -- (MpKslb5e2588b)
DRV - [2011/04/30 21:16:45 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsld97010ed.sys -- (MpKsld97010ed)
DRV - [2011/04/09 20:12:23 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl406eb0c9.sys -- (MpKsl406eb0c9)
DRV - [2011/03/26 11:43:04 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslc908b192.sys -- (MpKslc908b192)
DRV - [2010/11/20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/08/13 09:37:00 | 000,376,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/07/30 17:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/24 16:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/07 08:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\FwLnk.sys -- (FwLnk)
DRV - [2009/06/24 18:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/06/22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/04/29 12:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2006/04/10 06:02:18 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yeppo.net


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2011/01/15 07:38:37 | 000,001,093 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O1 - Hosts: 127.0.0.1 coo0lnet.net
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (TBSB05541 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Veehd Plugin) - {32EA9CD0-5187-4FE3-B989-B4D1408D2802} - C:\Program Files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001\..\Toolbar\WebBrowser: (Veehd Plugin) - {32EA9CD0-5187-4FE3-B989-B4D1408D2802} - C:\Program Files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.142,93.188.160.82
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/22 00:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{a6bec6d4-2072-11e0-8cf7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a6bec6d4-2072-11e0-8cf7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/18 19:55:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2011/05/17 21:42:33 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/05/17 21:37:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/05/17 21:27:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/17 21:26:39 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/05/17 21:26:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/05/17 21:26:39 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/05/17 21:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/05/17 21:24:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Windows Live
[2011/05/17 20:10:55 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/14 17:31:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\gmer
[2011/05/14 17:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\NoVirusThanks
[2011/05/14 01:25:58 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/05/13 22:01:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\DivX
[2011/05/13 22:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/05/13 21:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/05/13 21:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/05/13 21:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Veehd Plugin
[2011/05/08 19:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/05/07 20:13:29 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Electronic Arts
[2011/05/07 20:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/05/07 19:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2011/05/07 19:57:36 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/05/07 19:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2011/05/01 20:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TorrentEasy
[2011/05/01 15:18:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{672F14F5-C808-4E08-A382-53913643258A}
[2011/05/01 15:17:59 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\PackageAware
[2011/04/26 13:10:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Synthesia
[2011/04/26 13:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia
[2011/04/26 13:09:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Synthesia Music
[2011/04/26 13:09:50 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011/04/26 13:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Synthesia
[2011/04/25 00:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/25 00:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/25 00:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/25 00:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/20 22:22:39 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Philipp Winterberg
[2011/04/20 22:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free RAR Extract Frog
[2011/04/20 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog
[2011/04/18 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\vlc
[2011/04/18 20:37:50 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Graboid_Inc
[2011/04/18 20:37:50 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Graboid
[2011/04/18 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Geckofx
[2011/04/18 20:37:48 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Mozilla
[2011/04/18 20:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/04/18 20:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sarah\AppData\Local\*.tmp files -> C:\Users\Sarah\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/18 19:55:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2011/05/18 19:55:12 | 000,016,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 19:55:12 | 000,016,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 19:52:56 | 000,621,742 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/18 19:52:56 | 000,108,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/18 19:52:19 | 000,133,632 | ---- | M] () -- C:\Users\Sarah\Desktop\RKUnhookerLE.EXE
[2011/05/18 19:47:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/18 19:47:59 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/05/18 19:47:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/18 19:47:20 | 236,494,207 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/18 19:47:19 | 1506,795,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/17 23:27:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/17 20:10:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/14 17:22:53 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2011/05/14 01:23:35 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\AppData\Local\{A318411C-33B2-44DD-8A4D-B46BD3F29091}
[2011/05/08 19:31:13 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/05/07 19:57:25 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011/04/30 21:33:47 | 000,001,152 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/04/26 13:10:28 | 000,001,864 | ---- | M] () -- C:\Users\Sarah\Desktop\Play Synthesia.lnk
[2011/04/25 12:10:08 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/04/25 00:25:36 | 000,002,503 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/25 00:24:37 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/24 15:47:05 | 000,000,534 | ---- | M] () -- C:\Windows\System32\tmp.xml
[2011/04/20 22:22:35 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Free RAR Extract Frog.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sarah\AppData\Local\*.tmp files -> C:\Users\Sarah\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/18 19:52:18 | 000,133,632 | ---- | C] () -- C:\Users\Sarah\Desktop\RKUnhookerLE.EXE
[2011/05/17 21:35:43 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/05/17 21:33:51 | 000,001,287 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/05/17 21:31:41 | 000,001,371 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/05/17 21:30:05 | 000,002,399 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/14 17:22:53 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2011/05/14 01:23:19 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\{A318411C-33B2-44DD-8A4D-B46BD3F29091}
[2011/05/08 19:31:13 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/05/07 19:57:25 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011/04/26 13:09:53 | 000,001,864 | ---- | C] () -- C:\Users\Sarah\Desktop\Play Synthesia.lnk
[2011/04/25 00:24:37 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/20 22:22:35 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Free RAR Extract Frog.lnk
[2011/03/21 22:48:21 | 000,018,944 | ---- | C] () -- C:\Windows\System32\iproty.exe
[2011/01/15 07:57:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/09/04 17:55:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/09/04 17:55:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/04 10:23:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/27 08:57:38 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/27 08:57:38 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/27 08:57:38 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/27 08:57:38 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,334,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,621,742 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,108,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

Hi!

OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  

  :Services
  :OTL
  SRV - [2011/03/21 22:48:22 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\iproty.exe -- (iproty)
  O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
  O4 - HKU\S-1-5-21-2828275537-3082013931-1688591469-1001..\Run: [EA Core] File not found
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.142,93.188.160.82
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O33 - MountPoints2\{a6bec6d4-2072-11e0-8cf7-806e6f6e6963}\Shell - "" = AutoRun
  O33 - MountPoints2\{a6bec6d4-2072-11e0-8cf7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
  [2011/05/01 15:18:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{672F14F5-C808-4E08-A382-53913643258A}
  [2011/05/14 01:23:35 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\AppData\Local\{A318411C-33B2-44DD-8A4D-B46BD3F29091}
  [2011/05/14 01:23:19 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\{A318411C-33B2-44DD-8A4D-B46BD3F29091}
  [2011/03/21 22:48:21 | 000,018,944 | ---- | C] () -- C:\Windows\System32\iproty.exe
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  :Commands
  [purity]
  [resethosts]
  [CreateRestorePoint]
  [emptytemp]
  [EMPTYFLASH]
  

  
  
• Push
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• Click the OK button.
  
• A report will open. Copy and Paste that report in your next reply.
  
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:



Running TDSSKiller

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
  
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:



What issues are you currently experiencing with your computer?

Nothing bad is happening so far. The programs seem to have done some good. The only thing is the file types but I can live with that. I'll wait for a few days to see if something else happens.

OTL said this:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service iproty stopped successfully!
Service iproty deleted successfully!
C:\Windows\System32\iproty.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2828275537-3082013931-1688591469-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6bec6d4-2072-11e0-8cf7-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6bec6d4-2072-11e0-8cf7-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6bec6d4-2072-11e0-8cf7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6bec6d4-2072-11e0-8cf7-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
C:\ProgramData\{672F14F5-C808-4E08-A382-53913643258A} folder moved successfully.
C:\Users\Sarah\AppData\Local\{A318411C-33B2-44DD-8A4D-B46BD3F29091} moved successfully.
File C:\Users\Sarah\AppData\Local\{A318411C-33B2-44DD-8A4D-B46BD3F29091} not found.
File C:\Windows\System32\iproty.exe not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sarah\Desktop\cmd.bat deleted successfully.
C:\Users\Sarah\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sarah
->Temp folder emptied: 161583332 bytes
->Temporary Internet Files folder emptied: 1659128914 bytes
->Java cache emptied: 318666 bytes
->Flash cache emptied: 41514 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7907248 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,744.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sarah
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05192011_195059

Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File\Folder C:\Users\Sarah\AppData\Local\Temp\~DF0A9E72A6FE10A714.TMP not found!
File\Folder C:\Users\Sarah\AppData\Local\Temp\~DF93A0499CEA8C3C3F.TMP not found!
File\Folder C:\Users\Sarah\AppData\Local\Temp\~DFF182A47B8F9038ED.TMP not found!
File\Folder C:\Users\Sarah\AppData\Local\Temp\~DFFD48640EF5E712EF.TMP not found!
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ISX0P159\topic397318[1].html moved successfully.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

The TDS Killer said this:

2011/05/19 20:13:30.0678 3868 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/19 20:13:30.0818 3868 ================================================================================
2011/05/19 20:13:30.0818 3868 SystemInfo:
2011/05/19 20:13:30.0818 3868
2011/05/19 20:13:30.0818 3868 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/19 20:13:30.0818 3868 Product type: Workstation
2011/05/19 20:13:30.0818 3868 ComputerName: SARAH-TOSH
2011/05/19 20:13:30.0818 3868 UserName: Sarah
2011/05/19 20:13:30.0818 3868 Windows directory: C:\Windows
2011/05/19 20:13:30.0818 3868 System windows directory: C:\Windows
2011/05/19 20:13:30.0818 3868 Processor architecture: Intel x86
2011/05/19 20:13:30.0818 3868 Number of processors: 2
2011/05/19 20:13:30.0818 3868 Page size: 0x1000
2011/05/19 20:13:30.0818 3868 Boot type: Normal boot
2011/05/19 20:13:30.0818 3868 ================================================================================
2011/05/19 20:13:31.0489 3868 Initialize success
2011/05/19 20:13:33.0673 3816 ================================================================================
2011/05/19 20:13:33.0673 3816 Scan started
2011/05/19 20:13:33.0673 3816 Mode: Manual;
2011/05/19 20:13:33.0673 3816 ================================================================================
2011/05/19 20:13:34.0718 3816 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/05/19 20:13:34.0858 3816 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/05/19 20:13:34.0999 3816 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/05/19 20:13:35.0139 3816 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/19 20:13:35.0436 3816 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/19 20:13:35.0560 3816 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/19 20:13:35.0779 3816 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/05/19 20:13:35.0919 3816 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/05/19 20:13:36.0044 3816 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/19 20:13:36.0216 3816 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/05/19 20:13:36.0340 3816 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/05/19 20:13:36.0450 3816 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/05/19 20:13:36.0559 3816 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/19 20:13:36.0668 3816 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/19 20:13:36.0793 3816 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
2011/05/19 20:13:36.0918 3816 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/19 20:13:37.0011 3816 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
2011/05/19 20:13:37.0120 3816 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/05/19 20:13:37.0261 3816 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/19 20:13:37.0386 3816 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/19 20:13:37.0526 3816 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/19 20:13:37.0651 3816 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/05/19 20:13:37.0900 3816 atikmdag (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\drivers\atikmdag.sys
2011/05/19 20:13:38.0119 3816 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/19 20:13:38.0228 3816 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/19 20:13:38.0337 3816 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/19 20:13:38.0462 3816 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/19 20:13:38.0571 3816 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/19 20:13:38.0680 3816 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/19 20:13:38.0790 3816 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/19 20:13:38.0899 3816 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/19 20:13:39.0008 3816 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/19 20:13:39.0117 3816 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/19 20:13:39.0195 3816 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/19 20:13:39.0304 3816 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/19 20:13:39.0460 3816 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/19 20:13:39.0585 3816 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/05/19 20:13:39.0726 3816 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/19 20:13:39.0835 3816 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/19 20:13:39.0975 3816 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/19 20:13:40.0100 3816 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/05/19 20:13:40.0209 3816 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/19 20:13:40.0318 3816 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/19 20:13:40.0443 3816 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/19 20:13:40.0568 3816 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/19 20:13:40.0708 3816 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/05/19 20:13:40.0849 3816 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/19 20:13:40.0974 3816 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/19 20:13:41.0130 3816 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/19 20:13:41.0239 3816 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/19 20:13:41.0442 3816 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/19 20:13:41.0629 3816 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/19 20:13:41.0738 3816 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/05/19 20:13:41.0863 3816 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/19 20:13:41.0956 3816 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/19 20:13:42.0081 3816 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/19 20:13:42.0190 3816 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/19 20:13:42.0284 3816 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/19 20:13:42.0393 3816 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/19 20:13:42.0502 3816 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/19 20:13:42.0612 3816 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/19 20:13:42.0736 3816 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/05/19 20:13:42.0861 3816 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/19 20:13:42.0970 3816 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/19 20:13:43.0111 3816 FwLnk (0f76e205bdc60364f08a5949082771ca) C:\Windows\system32\DRIVERS\FwLnk.sys
2011/05/19 20:13:43.0204 3816 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/19 20:13:43.0345 3816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/19 20:13:43.0563 3816 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/19 20:13:43.0688 3816 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/05/19 20:13:43.0813 3816 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/19 20:13:43.0906 3816 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/19 20:13:44.0016 3816 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/19 20:13:44.0125 3816 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/19 20:13:44.0250 3816 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/05/19 20:13:44.0374 3816 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/19 20:13:44.0530 3816 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/19 20:13:44.0655 3816 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/05/19 20:13:44.0811 3816 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/05/19 20:13:44.0905 3816 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/19 20:13:45.0030 3816 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/05/19 20:13:45.0170 3816 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/19 20:13:45.0264 3816 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
2011/05/19 20:13:45.0513 3816 igfx (315aaaa2bc9bc778adc0454b3ca8dcce) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/19 20:13:45.0794 3816 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/19 20:13:46.0028 3816 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/19 20:13:46.0153 3816 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/05/19 20:13:46.0278 3816 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/19 20:13:46.0387 3816 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/19 20:13:46.0496 3816 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/19 20:13:46.0590 3816 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/19 20:13:46.0746 3816 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/19 20:13:46.0855 3816 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/05/19 20:13:46.0948 3816 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/05/19 20:13:47.0073 3816 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/05/19 20:13:47.0198 3816 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/05/19 20:13:47.0323 3816 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/19 20:13:47.0541 3816 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/19 20:13:48.0196 3816 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/19 20:13:48.0477 3816 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/19 20:13:48.0649 3816 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/19 20:13:48.0852 3816 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/19 20:13:49.0023 3816 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/19 20:13:49.0288 3816 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/19 20:13:49.0476 3816 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/19 20:13:49.0585 3816 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/19 20:13:49.0756 3816 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/19 20:13:49.0912 3816 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/19 20:13:50.0022 3816 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/19 20:13:50.0131 3816 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/05/19 20:13:50.0287 3816 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/19 20:13:50.0380 3816 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/05/19 20:13:50.0490 3816 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/05/19 20:13:50.0599 3816 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/05/19 20:13:50.0973 3816 MpKsl155a9909 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl155a9909.sys
2011/05/19 20:13:51.0894 3816 MpKsl38aa548c (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl38aa548c.sys
2011/05/19 20:13:52.0268 3816 MpKsl406eb0c9 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl406eb0c9.sys
2011/05/19 20:13:52.0892 3816 MpKsl53a31132 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl53a31132.sys
2011/05/19 20:13:53.0547 3816 MpKsl7155c326 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl7155c326.sys
2011/05/19 20:13:53.0906 3816 MpKsl77a1c065 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl77a1c065.sys
2011/05/19 20:13:54.0140 3816 MpKsl7adab07b (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl7adab07b.sys
2011/05/19 20:13:54.0748 3816 MpKsl947860cc (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl947860cc.sys
2011/05/19 20:13:55.0450 3816 MpKslb5e2588b (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslb5e2588b.sys
2011/05/19 20:13:56.0137 3816 MpKslc908b192 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslc908b192.sys
2011/05/19 20:13:56.0496 3816 MpKsld97010ed (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsld97010ed.sys
2011/05/19 20:13:57.0151 3816 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/05/19 20:13:57.0260 3816 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/19 20:13:57.0400 3816 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/05/19 20:13:57.0494 3816 mrxsmb (b272b4c3e085ea860c12f2e4faf2ffa2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/19 20:13:57.0603 3816 mrxsmb10 (9ac33ef26c8a3ad0f117d00eb7301d03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/19 20:13:57.0712 3816 mrxsmb20 (e0abdb5ed7e199e242a7d028e76c1d3a) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/19 20:13:57.0837 3816 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/05/19 20:13:57.0946 3816 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/05/19 20:13:58.0056 3816 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/19 20:13:58.0165 3816 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/19 20:13:58.0258 3816 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/05/19 20:13:58.0399 3816 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/19 20:13:58.0524 3816 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/19 20:13:58.0633 3816 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/19 20:13:58.0773 3816 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/19 20:13:58.0898 3816 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/05/19 20:13:59.0007 3816 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/19 20:13:59.0101 3816 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/19 20:13:59.0210 3816 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/19 20:13:59.0366 3816 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/19 20:13:59.0538 3816 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/05/19 20:13:59.0647 3816 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/19 20:13:59.0787 3816 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/19 20:13:59.0881 3816 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/19 20:13:59.0990 3816 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/19 20:14:00.0084 3816 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/05/19 20:14:00.0208 3816 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/19 20:14:00.0318 3816 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/19 20:14:00.0458 3816 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/19 20:14:00.0552 3816 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/05/19 20:14:00.0661 3816 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/19 20:14:00.0801 3816 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/19 20:14:00.0910 3816 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
2011/05/19 20:14:01.0035 3816 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/19 20:14:01.0160 3816 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
2011/05/19 20:14:01.0285 3816 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
2011/05/19 20:14:01.0410 3816 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/05/19 20:14:01.0550 3816 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/05/19 20:14:01.0675 3816 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/19 20:14:01.0815 3816 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/05/19 20:14:01.0909 3816 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/19 20:14:02.0018 3816 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/05/19 20:14:02.0112 3816 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/05/19 20:14:02.0205 3816 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/19 20:14:02.0314 3816 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/19 20:14:02.0424 3816 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/19 20:14:02.0564 3816 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\Windows\system32\DRIVERS\pgeffect.sys
2011/05/19 20:14:02.0704 3816 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/19 20:14:02.0829 3816 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/19 20:14:02.0970 3816 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/19 20:14:03.0094 3816 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/19 20:14:03.0219 3816 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/19 20:14:03.0344 3816 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/19 20:14:03.0484 3816 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/19 20:14:03.0594 3816 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/19 20:14:03.0703 3816 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/19 20:14:03.0843 3816 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/19 20:14:03.0937 3816 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/19 20:14:04.0046 3816 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/19 20:14:04.0140 3816 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/19 20:14:04.0249 3816 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/19 20:14:04.0374 3816 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/19 20:14:04.0483 3816 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/19 20:14:04.0592 3816 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/05/19 20:14:04.0701 3816 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/05/19 20:14:04.0873 3816 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/19 20:14:05.0060 3816 RT25USBAP (9c377dbf9d2d19098db935dc1e8361a3) C:\Windows\system32\DRIVERS\rt25usbap.sys
2011/05/19 20:14:05.0185 3816 RTHDMIAzAudService (87407b31ea6ff0dc4765258164b98bea) C:\Windows\system32\drivers\RtHDMIV.sys
2011/05/19 20:14:05.0310 3816 RTL8167 (6465166dd9b2f841dabad16abdadbe98) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/05/19 20:14:05.0466 3816 RTL8187B (0a804a2375b99419d13821b451651856) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/05/19 20:14:05.0684 3816 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/05/19 20:14:05.0809 3816 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/19 20:14:05.0949 3816 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/19 20:14:06.0058 3816 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/19 20:14:06.0168 3816 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/19 20:14:06.0261 3816 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/19 20:14:06.0402 3816 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/05/19 20:14:06.0495 3816 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/19 20:14:06.0589 3816 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/19 20:14:06.0698 3816 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/19 20:14:06.0823 3816 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/05/19 20:14:06.0932 3816 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/19 20:14:07.0041 3816 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/19 20:14:07.0150 3816 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/19 20:14:07.0275 3816 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/19 20:14:07.0400 3816 srv (112127c3b2e64d7680cc39cd0a39dd7e) C:\Windows\system32\DRIVERS\srv.sys
2011/05/19 20:14:07.0509 3816 srv2 (e5dd784a4ee5ebc72a86c677c988fcdb) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/19 20:14:07.0650 3816 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/19 20:14:07.0821 3816 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/05/19 20:14:07.0946 3816 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/19 20:14:08.0055 3816 srvnet (cdbe627e16cc9e98f343d73f8e81d258) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/19 20:14:08.0180 3816 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/19 20:14:08.0305 3816 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/05/19 20:14:08.0430 3816 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/19 20:14:08.0570 3816 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/05/19 20:14:08.0742 3816 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/19 20:14:08.0851 3816 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/19 20:14:08.0976 3816 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/05/19 20:14:09.0069 3816 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/05/19 20:14:09.0163 3816 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/05/19 20:14:09.0256 3816 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/19 20:14:09.0366 3816 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/05/19 20:14:09.0522 3816 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\Windows\system32\DRIVERS\tos_sps32.sys
2011/05/19 20:14:09.0662 3816 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/19 20:14:09.0818 3816 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/19 20:14:09.0943 3816 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/19 20:14:10.0052 3816 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/05/19 20:14:10.0161 3816 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/19 20:14:10.0255 3816 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/19 20:14:10.0380 3816 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/19 20:14:10.0473 3816 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/05/19 20:14:10.0582 3816 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/19 20:14:10.0707 3816 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/19 20:14:10.0832 3816 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
2011/05/19 20:14:11.0035 3816 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/05/19 20:14:11.0128 3816 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/19 20:14:11.0238 3816 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/05/19 20:14:11.0378 3816 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/19 20:14:11.0487 3816 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/19 20:14:11.0581 3816 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/19 20:14:11.0690 3816 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/19 20:14:11.0815 3816 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/19 20:14:11.0955 3816 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/19 20:14:12.0064 3816 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/19 20:14:12.0174 3816 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/19 20:14:12.0267 3816 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/05/19 20:14:12.0376 3816 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/05/19 20:14:12.0470 3816 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/19 20:14:12.0579 3816 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/05/19 20:14:12.0688 3816 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/05/19 20:14:12.0829 3816 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/19 20:14:12.0969 3816 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/05/19 20:14:13.0094 3816 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/19 20:14:13.0188 3816 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/05/19 20:14:13.0297 3816 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/19 20:14:13.0422 3816 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/19 20:14:13.0546 3816 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/19 20:14:13.0562 3816 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/19 20:14:13.0702 3816 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/19 20:14:13.0827 3816 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/19 20:14:13.0983 3816 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/19 20:14:14.0092 3816 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/19 20:14:14.0217 3816 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/19 20:14:14.0389 3816 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/19 20:14:14.0529 3816 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/19 20:14:14.0654 3816 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/05/19 20:14:14.0810 3816 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/19 20:14:14.0935 3816 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/05/19 20:14:14.0997 3816 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/19 20:14:14.0997 3816 ================================================================================
2011/05/19 20:14:14.0997 3816 Scan finished
2011/05/19 20:14:14.0997 3816 ================================================================================
2011/05/19 20:14:15.0013 0708 Detected object count: 1
2011/05/19 20:14:45.0542 0708 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/19 20:14:45.0542 0708 \HardDisk0 - ok
2011/05/19 20:14:45.0542 0708 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

Hold on, Google still seems to be redirecting me.

Hi RedAppleDolly!

The main infection that you were infected with is called TDL4.

See the snippet of text below:

Quote

You can read more about this infection here:

• TDL4 Rootkit - Bootkit
  
• TDSS: Rootkit technologies from the beginning
  
• TDL3: The Rootkit of All Evil?
  
• Backdoor.Tdss.565
  
• TDL3: Part I A detailed analysis of TDL rootkit 3rd generation

Special thanks to quietman7 for providing the above links.



NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.

• Please post the C:\ComboFix.txt for further review.

Here it is:

ComboFix 11-05-19.02 - Sarah 20/05/2011 21:08:55.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.1248 [GMT 1:00]
Running from: c:\users\Sarah\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Veehd Plugin\tbunsxDAD.tmp\tbHElper.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))
.
.
2011-05-20 20:16 . 2011-05-20 20:20 -------- d-----w- c:\users\Sarah\AppData\Local\temp
2011-05-20 20:16 . 2011-05-20 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-20 19:59 . 2011-05-20 19:59 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl4090720a.sys
2011-05-19 19:35 . 2011-05-19 19:35 -------- d-----w- c:\users\Sarah\AppData\Local\{38F16D47-0925-458A-9349-A28FBE77ECAE}
2011-05-19 18:51 . 2011-05-19 18:51 18944 ----a-w- c:\windows\system32\dnixt.exe
2011-05-19 18:50 . 2011-05-19 18:50 -------- d-----w- C:\_OTL
2011-05-19 18:46 . 2011-05-19 18:46 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl7155c326.sys
2011-05-17 20:42 . 2011-05-17 20:42 -------- d-----w- c:\windows\en
2011-05-17 20:40 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-05-17 20:26 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-05-17 20:26 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-05-17 20:26 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-05-17 20:26 . 2011-05-17 20:26 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\b040c4261cc14d005\InstallManager_WLE_WLE.exe
2011-05-17 20:25 . 2011-05-17 20:25 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\983f533d1cc14d004\MeshBetaRemover.exe
2011-05-17 20:25 . 2011-05-17 20:25 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\94eebc401cc14d003\DXSETUP.exe
2011-05-17 20:25 . 2011-05-17 20:25 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\94eebc401cc14d003\dsetup32.dll
2011-05-17 20:25 . 2011-05-17 20:25 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\94eebc401cc14d003\DSETUP.dll
2011-05-17 20:25 . 2011-05-17 20:25 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\877f42961cc14d002\DSETUP.dll
2011-05-17 20:25 . 2011-05-17 20:25 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\877f42961cc14d002\DXSETUP.exe
2011-05-17 20:25 . 2011-05-17 20:25 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\877f42961cc14d002\dsetup32.dll
2011-05-17 20:24 . 2011-05-17 20:24 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\7a7f20941cc14d001\Silverlight.4.0.exe
2011-05-17 20:24 . 2011-05-17 21:00 -------- d-----w- c:\users\Sarah\AppData\Local\Windows Live
2011-05-17 19:10 . 2011-05-17 19:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 16:11 . 2011-05-14 16:11 -------- d-----w- c:\program files\NoVirusThanks
2011-05-14 00:23 . 2011-05-14 00:23 0 ---ha-w- c:\users\Sarah\AppData\Local\BIT30D.tmp
2011-05-13 21:01 . 2011-05-13 21:01 -------- d-----w- c:\users\Sarah\AppData\Roaming\DivX
2011-05-13 21:01 . 2011-05-15 11:38 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-05-13 20:50 . 2011-05-15 11:38 -------- d-----w- c:\program files\DivX
2011-05-13 20:48 . 2011-05-15 11:38 -------- d-----w- c:\programdata\DivX
2011-05-13 20:47 . 2011-05-13 20:47 -------- d-----w- c:\program files\Veehd Plugin
2011-05-07 19:11 . 2011-05-08 18:31 -------- d-----w- c:\programdata\Electronic Arts
2011-05-07 18:57 . 2011-05-07 18:57 -------- d-----w- c:\program files\Microsoft WSE
2011-05-07 18:57 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-05-07 18:39 . 2011-05-07 19:08 -------- d-----w- c:\program files\Electronic Arts
2011-05-05 18:06 . 2011-05-05 18:06 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslb5e2588b.sys
2011-05-01 19:29 . 2011-05-01 19:29 -------- d-----w- c:\programdata\TorrentEasy
2011-05-01 14:17 . 2011-05-01 14:17 -------- d-----w- c:\users\Sarah\AppData\Local\PackageAware
2011-04-30 20:16 . 2011-04-30 20:16 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsld97010ed.sys
2011-04-26 12:10 . 2011-04-26 12:10 -------- d-----w- c:\users\Sarah\AppData\Roaming\Synthesia
2011-04-26 12:09 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-04-26 12:09 . 2011-04-26 12:10 -------- d-----w- c:\program files\Synthesia
2011-04-24 23:23 . 2011-04-24 23:23 -------- d-----w- c:\program files\iPod
2011-04-24 23:23 . 2011-04-24 23:24 -------- d-----w- c:\program files\iTunes
2011-04-24 23:21 . 2011-04-24 23:21 -------- d-----w- c:\program files\Bonjour
2011-04-20 21:22 . 2011-04-20 21:22 -------- d-----w- c:\users\Sarah\AppData\Roaming\Philipp Winterberg
2011-04-20 21:22 . 2011-04-20 21:22 -------- d-----w- c:\program files\Free RAR Extract Frog
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-17 20:27 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-09 19:12 . 2011-04-09 19:12 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl406eb0c9.sys
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-26 13:39 . 2011-03-26 13:39 249856 ------w- c:\windows\Setup1.exe
2011-03-26 13:39 . 2011-03-26 13:39 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-26 10:43 . 2011-03-26 10:43 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslc908b192.sys
2011-03-07 22:46 . 2011-03-07 22:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-06 15:13 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32EA9CD0-5187-4FE3-B989-B4D1408D2802}"= "c:\program files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll" [2011-04-19 2636800]
.
[HKEY_CLASSES_ROOT\clsid\{32ea9cd0-5187-4fe3-b989-b4d1408d2802}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{32EA9CD0-5187-4FE3-B989-B4D1408D2802}"= "c:\program files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll" [2011-04-19 2636800]
.
[HKEY_CLASSES_ROOT\clsid\{32ea9cd0-5187-4fe3-b989-b4d1408d2802}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 611672]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl0e92d5af;MpKsl0e92d5af; [x]
R1 MpKsl1424d795;MpKsl1424d795; [x]
R1 MpKsl1e022a71;MpKsl1e022a71; [x]
R1 MpKsl21c5134d;MpKsl21c5134d; [x]
R1 MpKsl28f833ef;MpKsl28f833ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl28f833ef.sys [x]
R1 MpKsl2a505757;MpKsl2a505757; [x]
R1 MpKsl2df6adf9;MpKsl2df6adf9; [x]
R1 MpKsl318fd1a5;MpKsl318fd1a5; [x]
R1 MpKsl38ca0dfa;MpKsl38ca0dfa; [x]
R1 MpKsl3ca2cceb;MpKsl3ca2cceb; [x]
R1 MpKsl406eb0c9;MpKsl406eb0c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl406eb0c9.sys [2011-04-09 28752]
R1 MpKsl43de8b4f;MpKsl43de8b4f; [x]
R1 MpKsl4a1b8746;MpKsl4a1b8746; [x]
R1 MpKsl4a6ea528;MpKsl4a6ea528;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl4a6ea528.sys [x]
R1 MpKsl5211fe91;MpKsl5211fe91; [x]
R1 MpKsl54148b40;MpKsl54148b40; [x]
R1 MpKsl5b17d3ca;MpKsl5b17d3ca; [x]
R1 MpKsl66e95bf4;MpKsl66e95bf4; [x]
R1 MpKsl6b9e364f;MpKsl6b9e364f; [x]
R1 MpKsl6c433114;MpKsl6c433114; [x]
R1 MpKsl7155c326;MpKsl7155c326;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl7155c326.sys [2011-05-19 28752]
R1 MpKsl719f4bd4;MpKsl719f4bd4; [x]
R1 MpKsl733229bc;MpKsl733229bc; [x]
R1 MpKsl7a17e627;MpKsl7a17e627; [x]
R1 MpKsl7c568b44;MpKsl7c568b44; [x]
R1 MpKsl7c5729ca;MpKsl7c5729ca; [x]
R1 MpKsl7eb89171;MpKsl7eb89171; [x]
R1 MpKsl834c58f3;MpKsl834c58f3; [x]
R1 MpKsl910e0b50;MpKsl910e0b50; [x]
R1 MpKsl98d87ac0;MpKsl98d87ac0; [x]
R1 MpKsl9badf15d;MpKsl9badf15d; [x]
R1 MpKsla654d409;MpKsla654d409; [x]
R1 MpKslb0c52954;MpKslb0c52954; [x]
R1 MpKslb11de4a7;MpKslb11de4a7; [x]
R1 MpKslb5e2588b;MpKslb5e2588b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslb5e2588b.sys [2011-05-05 28752]
R1 MpKslbee40013;MpKslbee40013;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslbee40013.sys [x]
R1 MpKslbefb3aa4;MpKslbefb3aa4; [x]
R1 MpKslbf5ce967;MpKslbf5ce967; [x]
R1 MpKslc6df51fb;MpKslc6df51fb; [x]
R1 MpKslc836247e;MpKslc836247e; [x]
R1 MpKslc908b192;MpKslc908b192;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslc908b192.sys [2011-03-26 28752]
R1 MpKslca81cd22;MpKslca81cd22; [x]
R1 MpKsld182a7f3;MpKsld182a7f3; [x]
R1 MpKsld97010ed;MpKsld97010ed;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsld97010ed.sys [2011-04-30 28752]
R1 MpKslde43c1f4;MpKslde43c1f4; [x]
R1 MpKsldeca8f6c;MpKsldeca8f6c; [x]
R1 MpKsleb391fba;MpKsleb391fba; [x]
R1 MpKsledc46f88;MpKsledc46f88; [x]
R1 MpKslf590d73a;MpKslf590d73a; [x]
R1 MpKslf60cd55d;MpKslf60cd55d; [x]
R2 dnixt;Windows Autenthification Service;c:\windows\system32\dnixt.exe [2011-05-19 18944]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 135664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 MpKsl4090720a;MpKsl4090720a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl4090720a.sys [2011-05-20 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-08-13 376320]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL4090720A
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 09:11]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 09:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://yeppo.net
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-SaveVid Plug-in - c:\programdata\{672F14F5-C808-4E08-A382-53913643258A}\SavevidSetupV2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,4a,58,38,0d,07,00,4f,a0,27,43,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,4a,58,38,0d,07,00,4f,a0,27,43,\
.
[HKEY_USERS\S-1-5-21-2828275537-3082013931-1688591469-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2828275537-3082013931-1688591469-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-20 21:22:11
ComboFix-quarantined-files.txt 2011-05-20 20:22
.
Pre-Run: 93,818,548,224 bytes free
Post-Run: 95,270,014,976 bytes free
.
- - End Of File - - F5B1BE46D77FDB1DA006C8DDDD5BC902

Hi!

ComboFix Script

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  
• They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Suspect::[102]
c:\windows\system32\dnixt.exe
c:\users\Sarah\AppData\Local\BIT30D.tmp
c:\windows\Setup1.exe

DirLook::
c:\users\Sarah\AppData\Local\{38F16D47-0925-458A-9349-A28FBE77ECAE}

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  
• ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  
• When finished, it shall produce a log for you.
  
• Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

• Ensure you are connected to the internet and click OK on the message box.

Thank you. I think this has done the trick. Just one more thin though. There are a lot of folders that I think belong to the different programs I've used in doing this, is it safe to delete them or do they need to stat. Some of the folder names are _OTL and Qoobox.

ComboFix 11-05-19.02 - Sarah 21/05/2011 0:51.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.1043 [GMT 1:00]
Running from: c:\users\Sarah\Desktop\ComboFix.exe
Command switches used :: c:\users\Sarah\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\Setup1.exe
file zipped: c:\windows\System32\dnixt.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-21 00:11 . 2011-05-21 00:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-21 00:11 . 2011-05-21 00:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-20 20:22 . 2011-05-21 00:13 -------- d-----w- c:\users\Sarah\AppData\Local\temp
2011-05-20 19:59 . 2011-05-20 19:59 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl4090720a.sys
2011-05-19 19:35 . 2011-05-19 19:35 -------- d-----w- c:\users\Sarah\AppData\Local\{38F16D47-0925-458A-9349-A28FBE77ECAE}
2011-05-19 18:51 . 2011-05-19 18:51 18944 ----a-w- c:\windows\system32\dnixt.exe
2011-05-19 18:50 . 2011-05-19 18:50 -------- d-----w- C:\_OTL
2011-05-19 18:46 . 2011-05-19 18:46 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl7155c326.sys
2011-05-17 20:42 . 2011-05-17 20:42 -------- d-----w- c:\windows\en
2011-05-17 20:40 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-05-17 20:26 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-05-17 20:26 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-05-17 20:26 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-05-17 20:26 . 2011-05-17 20:26 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\b040c4261cc14d005\InstallManager_WLE_WLE.exe
2011-05-17 20:25 . 2011-05-17 20:25 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\983f533d1cc14d004\MeshBetaRemover.exe
2011-05-17 20:25 . 2011-05-17 20:25 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\94eebc401cc14d003\DXSETUP.exe
2011-05-17 20:25 . 2011-05-17 20:25 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\94eebc401cc14d003\dsetup32.dll
2011-05-17 20:25 . 2011-05-17 20:25 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\94eebc401cc14d003\DSETUP.dll
2011-05-17 20:25 . 2011-05-17 20:25 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\877f42961cc14d002\DSETUP.dll
2011-05-17 20:25 . 2011-05-17 20:25 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\877f42961cc14d002\DXSETUP.exe
2011-05-17 20:25 . 2011-05-17 20:25 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\877f42961cc14d002\dsetup32.dll
2011-05-17 20:24 . 2011-05-17 20:24 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\7a7f20941cc14d001\Silverlight.4.0.exe
2011-05-17 20:24 . 2011-05-20 21:25 -------- d-----w- c:\users\Sarah\AppData\Local\Windows Live
2011-05-17 19:10 . 2011-05-17 19:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 16:11 . 2011-05-14 16:11 -------- d-----w- c:\program files\NoVirusThanks
2011-05-14 00:23 . 2011-05-14 00:23 0 ---ha-w- c:\users\Sarah\AppData\Local\BIT30D.tmp
2011-05-13 21:01 . 2011-05-13 21:01 -------- d-----w- c:\users\Sarah\AppData\Roaming\DivX
2011-05-13 21:01 . 2011-05-15 11:38 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-05-13 20:50 . 2011-05-15 11:38 -------- d-----w- c:\program files\DivX
2011-05-13 20:48 . 2011-05-15 11:38 -------- d-----w- c:\programdata\DivX
2011-05-13 20:47 . 2011-05-13 20:47 -------- d-----w- c:\program files\Veehd Plugin
2011-05-07 19:11 . 2011-05-08 18:31 -------- d-----w- c:\programdata\Electronic Arts
2011-05-07 18:57 . 2011-05-07 18:57 -------- d-----w- c:\program files\Microsoft WSE
2011-05-07 18:57 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-05-07 18:39 . 2011-05-07 19:08 -------- d-----w- c:\program files\Electronic Arts
2011-05-05 18:06 . 2011-05-05 18:06 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslb5e2588b.sys
2011-05-01 19:29 . 2011-05-01 19:29 -------- d-----w- c:\programdata\TorrentEasy
2011-05-01 14:17 . 2011-05-01 14:17 -------- d-----w- c:\users\Sarah\AppData\Local\PackageAware
2011-04-30 20:16 . 2011-04-30 20:16 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsld97010ed.sys
2011-04-26 12:10 . 2011-04-26 12:10 -------- d-----w- c:\users\Sarah\AppData\Roaming\Synthesia
2011-04-26 12:09 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-04-26 12:09 . 2011-04-26 12:10 -------- d-----w- c:\program files\Synthesia
2011-04-24 23:23 . 2011-04-24 23:23 -------- d-----w- c:\program files\iPod
2011-04-24 23:23 . 2011-04-24 23:24 -------- d-----w- c:\program files\iTunes
2011-04-24 23:21 . 2011-04-24 23:21 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-17 20:27 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-09 19:12 . 2011-04-09 19:12 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl406eb0c9.sys
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-26 13:39 . 2011-03-26 13:39 249856 ------w- c:\windows\Setup1.exe
2011-03-26 13:39 . 2011-03-26 13:39 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-26 10:43 . 2011-03-26 10:43 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslc908b192.sys
2011-03-07 22:46 . 2011-03-07 22:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-06 15:13 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Sarah\AppData\Local\{38F16D47-0925-458A-9349-A28FBE77ECAE} ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32EA9CD0-5187-4FE3-B989-B4D1408D2802}"= "c:\program files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll" [2011-04-19 2636800]
.
[HKEY_CLASSES_ROOT\clsid\{32ea9cd0-5187-4fe3-b989-b4d1408d2802}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{32EA9CD0-5187-4FE3-B989-B4D1408D2802}"= "c:\program files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll" [2011-04-19 2636800]
.
[HKEY_CLASSES_ROOT\clsid\{32ea9cd0-5187-4fe3-b989-b4d1408d2802}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 611672]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl0e92d5af;MpKsl0e92d5af; [x]
R1 MpKsl1424d795;MpKsl1424d795; [x]
R1 MpKsl1e022a71;MpKsl1e022a71; [x]
R1 MpKsl21c5134d;MpKsl21c5134d; [x]
R1 MpKsl28f833ef;MpKsl28f833ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl28f833ef.sys [x]
R1 MpKsl2a505757;MpKsl2a505757; [x]
R1 MpKsl2df6adf9;MpKsl2df6adf9; [x]
R1 MpKsl318fd1a5;MpKsl318fd1a5; [x]
R1 MpKsl38ca0dfa;MpKsl38ca0dfa; [x]
R1 MpKsl3ca2cceb;MpKsl3ca2cceb; [x]
R1 MpKsl406eb0c9;MpKsl406eb0c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl406eb0c9.sys [2011-04-09 28752]
R1 MpKsl43de8b4f;MpKsl43de8b4f; [x]
R1 MpKsl4a1b8746;MpKsl4a1b8746; [x]
R1 MpKsl4a6ea528;MpKsl4a6ea528;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl4a6ea528.sys [x]
R1 MpKsl5211fe91;MpKsl5211fe91; [x]
R1 MpKsl54148b40;MpKsl54148b40; [x]
R1 MpKsl5b17d3ca;MpKsl5b17d3ca; [x]
R1 MpKsl66e95bf4;MpKsl66e95bf4; [x]
R1 MpKsl6b9e364f;MpKsl6b9e364f; [x]
R1 MpKsl6c433114;MpKsl6c433114; [x]
R1 MpKsl7155c326;MpKsl7155c326;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl7155c326.sys [2011-05-19 28752]
R1 MpKsl719f4bd4;MpKsl719f4bd4; [x]
R1 MpKsl733229bc;MpKsl733229bc; [x]
R1 MpKsl7a17e627;MpKsl7a17e627; [x]
R1 MpKsl7c568b44;MpKsl7c568b44; [x]
R1 MpKsl7c5729ca;MpKsl7c5729ca; [x]
R1 MpKsl7eb89171;MpKsl7eb89171; [x]
R1 MpKsl834c58f3;MpKsl834c58f3; [x]
R1 MpKsl910e0b50;MpKsl910e0b50; [x]
R1 MpKsl98d87ac0;MpKsl98d87ac0; [x]
R1 MpKsl9badf15d;MpKsl9badf15d; [x]
R1 MpKsla654d409;MpKsla654d409; [x]
R1 MpKslb0c52954;MpKslb0c52954; [x]
R1 MpKslb11de4a7;MpKslb11de4a7; [x]
R1 MpKslb5e2588b;MpKslb5e2588b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslb5e2588b.sys [2011-05-05 28752]
R1 MpKslbee40013;MpKslbee40013;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslbee40013.sys [x]
R1 MpKslbefb3aa4;MpKslbefb3aa4; [x]
R1 MpKslbf5ce967;MpKslbf5ce967; [x]
R1 MpKslc6df51fb;MpKslc6df51fb; [x]
R1 MpKslc836247e;MpKslc836247e; [x]
R1 MpKslc908b192;MpKslc908b192;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslc908b192.sys [2011-03-26 28752]
R1 MpKslca81cd22;MpKslca81cd22; [x]
R1 MpKsld182a7f3;MpKsld182a7f3; [x]
R1 MpKsld97010ed;MpKsld97010ed;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsld97010ed.sys [2011-04-30 28752]
R1 MpKslde43c1f4;MpKslde43c1f4; [x]
R1 MpKsldeca8f6c;MpKsldeca8f6c; [x]
R1 MpKsleb391fba;MpKsleb391fba; [x]
R1 MpKsledc46f88;MpKsledc46f88; [x]
R1 MpKslf590d73a;MpKslf590d73a; [x]
R1 MpKslf60cd55d;MpKslf60cd55d; [x]
R2 dnixt;Windows Autenthification Service;c:\windows\system32\dnixt.exe [2011-05-19 18944]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 MpKsl4090720a;MpKsl4090720a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl4090720a.sys [2011-05-20 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-08-13 376320]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 09:11]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 09:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://yeppo.net
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,4a,58,38,0d,07,00,4f,a0,27,43,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,4a,58,38,0d,07,00,4f,a0,27,43,\
.
[HKEY_USERS\S-1-5-21-2828275537-3082013931-1688591469-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2828275537-3082013931-1688591469-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\DllHost.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-05-21 01:17:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-21 00:17
ComboFix2.txt 2011-05-20 20:22
.
Pre-Run: 94,942,228,480 bytes free
Post-Run: 94,890,868,736 bytes free
.
- - End Of File - - 2DEAADA26C7CE9BC517F1EAB62789392
Upload was successful

Hi RedApplyDolly!

We have a special method for cleaning up our tools. We'll do that at the end.



ComboFix Script

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  
• They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic397318.html/page__view__findpost__p__2256534
Collect::
c:\windows\System32\dnixt.exe
Folder::
c:\users\Sarah\AppData\Local\{38F16D47-0925-458A-9349-A28FBE77ECAE} 

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  
• ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  
• When finished, it shall produce a log for you.
  
• Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

• Open Malwarebytes' Anti-Malware
  
• Select the Update tab
  
• Click Check for Updates
  
• After the update have been completed, Select the Scanner tab.
  
• Select Perform quick scan, then click on Scan
  
• Leave the default options as it is and click on Start Scan
  
• When done, you will be prompted. Click OK, then click on Show Results
  
• Checked (ticked) all items and click on Remove Selected
  
• After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the icon on your desktop.
  
  
• Check
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Check
  
• Make sure that the option "Remove found threats" is Unchecked
  
• When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
  
  • Enable Anti-Stealth technology
  
  
• Push the Start button.
  
• ESET will then download updates for itself, install itself, and begin
  scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name, such as
  ESETScan. Include the contents of this report in your next reply.
  
• Push the button.
  
• Push

NEXT:



Security Check
Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

First Combofix:

ComboFix 11-05-21.03 - Sarah 22/05/2011 9:18.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.1147 [GMT 1:00]
Running from: c:\users\Sarah\Desktop\ComboFix.exe
Command switches used :: c:\users\Sarah\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\System32\dnixt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sarah\AppData\Local\{38F16D47-0925-458A-9349-A28FBE77ECAE}
c:\windows\System32\dnixt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_dnixt
.
.
((((((((((((((((((((((((( Files Created from 2011-04-22 to 2011-05-22 )))))))))))))))))))))))))))))))
.
.
2011-05-22 08:26 . 2011-05-22 08:28 -------- d-----w- c:\users\Sarah\AppData\Local\temp
2011-05-22 08:26 . 2011-05-22 08:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-22 08:26 . 2011-05-22 08:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-22 08:26 . 2011-05-22 08:26 18944 ----a-w- c:\windows\system32\qprotp.exe
2011-05-22 08:06 . 2011-05-22 08:06 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C7E53A5-5872-4557-A639-01B9F8437C17}\MpKsl83e0912e.sys
2011-05-21 21:39 . 2011-05-21 21:39 -------- d-----w- c:\windows\system32\Wat
2011-05-21 18:25 . 2011-05-21 18:25 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-05-21 13:34 . 2011-05-21 13:34 -------- d-----w- c:\users\Sarah\AppData\Local\WinZip
2011-05-21 13:34 . 2011-05-21 13:34 -------- d-----w- c:\programdata\WinZip
2011-05-21 13:27 . 2010-11-30 10:43 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-05-21 13:27 . 2010-11-30 10:43 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7FBB8F0-37F1-4075-8E9B-B30781260A03}\gapaengine.dll
2011-05-21 13:26 . 2011-05-09 12:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C7E53A5-5872-4557-A639-01B9F8437C17}\mpengine.dll
2011-05-21 13:26 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-21 10:55 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-05-21 10:55 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-21 10:55 . 2011-02-23 04:47 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-21 10:55 . 2011-02-23 04:47 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-21 10:55 . 2011-02-23 04:47 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-21 10:55 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-21 10:55 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-21 10:55 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-05-19 18:50 . 2011-05-19 18:50 -------- d-----w- C:\_OTL
2011-05-17 20:42 . 2011-05-17 20:42 -------- d-----w- c:\windows\en
2011-05-17 20:40 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-05-17 20:26 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-05-17 20:26 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-05-17 20:26 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-05-17 20:26 . 2011-05-17 20:26 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\b040c4261cc14d005\InstallManager_WLE_WLE.exe
2011-05-17 20:25 . 2011-05-17 20:25 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\983f533d1cc14d004\MeshBetaRemover.exe
2011-05-17 20:25 . 2011-05-17 20:25 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\94eebc401cc14d003\DXSETUP.exe
2011-05-17 20:25 . 2011-05-17 20:25 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\94eebc401cc14d003\dsetup32.dll
2011-05-17 20:25 . 2011-05-17 20:25 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\94eebc401cc14d003\DSETUP.dll
2011-05-17 20:25 . 2011-05-17 20:25 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\877f42961cc14d002\DSETUP.dll
2011-05-17 20:25 . 2011-05-17 20:25 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\877f42961cc14d002\DXSETUP.exe
2011-05-17 20:25 . 2011-05-17 20:25 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\877f42961cc14d002\dsetup32.dll
2011-05-17 20:24 . 2011-05-17 20:24 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\7a7f20941cc14d001\Silverlight.4.0.exe
2011-05-17 20:24 . 2011-05-20 21:25 -------- d-----w- c:\users\Sarah\AppData\Local\Windows Live
2011-05-17 19:10 . 2011-05-17 19:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 16:11 . 2011-05-14 16:11 -------- d-----w- c:\program files\NoVirusThanks
2011-05-14 00:23 . 2011-05-14 00:23 0 ---ha-w- c:\users\Sarah\AppData\Local\BIT30D.tmp
2011-05-13 21:01 . 2011-05-13 21:01 -------- d-----w- c:\users\Sarah\AppData\Roaming\DivX
2011-05-13 21:01 . 2011-05-15 11:38 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-05-13 20:50 . 2011-05-15 11:38 -------- d-----w- c:\program files\DivX
2011-05-13 20:48 . 2011-05-15 11:38 -------- d-----w- c:\programdata\DivX
2011-05-13 20:47 . 2011-05-13 20:47 -------- d-----w- c:\program files\Veehd Plugin
2011-05-07 19:11 . 2011-05-08 18:31 -------- d-----w- c:\programdata\Electronic Arts
2011-05-07 18:57 . 2011-05-07 18:57 -------- d-----w- c:\program files\Microsoft WSE
2011-05-07 18:57 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-05-07 18:39 . 2011-05-07 19:08 -------- d-----w- c:\program files\Electronic Arts
2011-05-01 19:29 . 2011-05-01 19:29 -------- d-----w- c:\programdata\TorrentEasy
2011-05-01 14:17 . 2011-05-01 14:17 -------- d-----w- c:\users\Sarah\AppData\Local\PackageAware
2011-04-26 12:10 . 2011-04-26 12:10 -------- d-----w- c:\users\Sarah\AppData\Roaming\Synthesia
2011-04-26 12:09 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-04-26 12:09 . 2011-04-26 12:10 -------- d-----w- c:\program files\Synthesia
2011-04-24 23:23 . 2011-04-24 23:23 -------- d-----w- c:\program files\iPod
2011-04-24 23:23 . 2011-04-24 23:24 -------- d-----w- c:\program files\iTunes
2011-04-24 23:21 . 2011-04-24 23:21 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-17 20:27 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-26 13:39 . 2011-03-26 13:39 249856 ------w- c:\windows\Setup1.exe
2011-03-26 13:39 . 2011-03-26 13:39 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-07 22:46 . 2011-03-07 22:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-06 15:13 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32EA9CD0-5187-4FE3-B989-B4D1408D2802}"= "c:\program files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll" [2011-04-19 2636800]
.
[HKEY_CLASSES_ROOT\clsid\{32ea9cd0-5187-4fe3-b989-b4d1408d2802}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{32EA9CD0-5187-4FE3-B989-B4D1408D2802}"= "c:\program files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll" [2011-04-19 2636800]
.
[HKEY_CLASSES_ROOT\clsid\{32ea9cd0-5187-4fe3-b989-b4d1408d2802}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05541.TBSB05541]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 611672]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl0e92d5af;MpKsl0e92d5af; [x]
R1 MpKsl1424d795;MpKsl1424d795; [x]
R1 MpKsl1e022a71;MpKsl1e022a71; [x]
R1 MpKsl21c5134d;MpKsl21c5134d; [x]
R1 MpKsl28f833ef;MpKsl28f833ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl28f833ef.sys [x]
R1 MpKsl2a505757;MpKsl2a505757; [x]
R1 MpKsl2df6adf9;MpKsl2df6adf9; [x]
R1 MpKsl318fd1a5;MpKsl318fd1a5; [x]
R1 MpKsl38ca0dfa;MpKsl38ca0dfa; [x]
R1 MpKsl3ca2cceb;MpKsl3ca2cceb; [x]
R1 MpKsl406eb0c9;MpKsl406eb0c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl406eb0c9.sys [x]
R1 MpKsl43de8b4f;MpKsl43de8b4f; [x]
R1 MpKsl4a1b8746;MpKsl4a1b8746; [x]
R1 MpKsl4a6ea528;MpKsl4a6ea528;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl4a6ea528.sys [x]
R1 MpKsl5211fe91;MpKsl5211fe91; [x]
R1 MpKsl54148b40;MpKsl54148b40; [x]
R1 MpKsl5b17d3ca;MpKsl5b17d3ca; [x]
R1 MpKsl66e95bf4;MpKsl66e95bf4; [x]
R1 MpKsl6b9e364f;MpKsl6b9e364f; [x]
R1 MpKsl6c433114;MpKsl6c433114; [x]
R1 MpKsl7155c326;MpKsl7155c326;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsl7155c326.sys [x]
R1 MpKsl719f4bd4;MpKsl719f4bd4; [x]
R1 MpKsl733229bc;MpKsl733229bc; [x]
R1 MpKsl7a17e627;MpKsl7a17e627; [x]
R1 MpKsl7c568b44;MpKsl7c568b44; [x]
R1 MpKsl7c5729ca;MpKsl7c5729ca; [x]
R1 MpKsl7eb89171;MpKsl7eb89171; [x]
R1 MpKsl834c58f3;MpKsl834c58f3; [x]
R1 MpKsl8fd38ec0;MpKsl8fd38ec0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C7E53A5-5872-4557-A639-01B9F8437C17}\MpKsl8fd38ec0.sys [x]
R1 MpKsl910e0b50;MpKsl910e0b50; [x]
R1 MpKsl98d87ac0;MpKsl98d87ac0; [x]
R1 MpKsl9badf15d;MpKsl9badf15d; [x]
R1 MpKsla654d409;MpKsla654d409; [x]
R1 MpKslb0c52954;MpKslb0c52954; [x]
R1 MpKslb11de4a7;MpKslb11de4a7; [x]
R1 MpKslb5e2588b;MpKslb5e2588b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslb5e2588b.sys [x]
R1 MpKslbee40013;MpKslbee40013;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslbee40013.sys [x]
R1 MpKslbefb3aa4;MpKslbefb3aa4; [x]
R1 MpKslbf5ce967;MpKslbf5ce967; [x]
R1 MpKslc6df51fb;MpKslc6df51fb; [x]
R1 MpKslc836247e;MpKslc836247e; [x]
R1 MpKslc908b192;MpKslc908b192;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKslc908b192.sys [x]
R1 MpKslca81cd22;MpKslca81cd22; [x]
R1 MpKsld182a7f3;MpKsld182a7f3; [x]
R1 MpKsld97010ed;MpKsld97010ed;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07859454-E5F9-4E09-84E1-AD5F4FB028A8}\MpKsld97010ed.sys [x]
R1 MpKslde43c1f4;MpKslde43c1f4; [x]
R1 MpKsldeca8f6c;MpKsldeca8f6c; [x]
R1 MpKsleb391fba;MpKsleb391fba; [x]
R1 MpKsledc46f88;MpKsledc46f88; [x]
R1 MpKslf590d73a;MpKslf590d73a; [x]
R1 MpKslf60cd55d;MpKslf60cd55d; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 135664]
R2 qprotp;Windows Autenthification Service;c:\windows\system32\qprotp.exe [2011-05-22 18944]
R3 CFcatchme;CFcatchme;c:\users\Sarah\AppData\Local\Temp\CFcatchme.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 MpKsl83e0912e;MpKsl83e0912e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C7E53A5-5872-4557-A639-01B9F8437C17}\MpKsl83e0912e.sys [2011-05-22 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-08-13 376320]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 09:11]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 09:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://yeppo.net
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,4a,58,38,0d,07,00,4f,a0,27,43,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,4a,58,38,0d,07,00,4f,a0,27,43,\
.
[HKEY_USERS\S-1-5-21-2828275537-3082013931-1688591469-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2828275537-3082013931-1688591469-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\DllHost.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-05-22 09:33:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-22 08:33
ComboFix2.txt 2011-05-21 00:18
ComboFix3.txt 2011-05-20 20:22
.
Pre-Run: 92,315,447,296 bytes free
Post-Run: 91,928,092,672 bytes free
.
- - End Of File - - 89131E5FCF1A1FFBF1519192B6C49899
Upload was successful

Anti-Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6639

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

22/05/2011 09:47:20
mbam-log-2011-05-22 (09-47-20).txt

Scan type: Quick scan
Objects scanned: 157543
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qprotp (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\qprotp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

ESET:

C:\Windows\System32\mnixl.exe Win32/Agent.SKO trojan
C:\_OTL\MovedFiles\05192011_195059\C_Windows\System32\iproty.exe a variant of Win32/Agent.SKO trojan

Security Check:

Results of screen317's Security Check version 0.99.11
Windows 7 Service Pack 1 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
AML Free Registry Cleaner 4.21
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Toshiba Toshiba Online Product Information TOPI.exe
``````````End of Log````````````

Hi!

OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  

  :Services
  :OTL
  
  :Reg
  
  :Files
  C:\Windows\System32\mnixl.exe
  ipconfig /flushdns /c
  :Commands
  [purity]
  [resethosts]
  [CreateRestorePoint]
  [emptytemp]
  [EMPTYFLASH]
  

  
  
• Push
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• Click the OK button.
  
• A report will open. Copy and Paste that report in your next reply.
  
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:



Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Microsoft: ‘Unprecedented Wave of Java Exploitation’
  
• Drive-by Trojan preying on out-of-date Java installations
  
• Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  
• Look for "Java Platform, Standard Edition".
  
• Click the "Download JRE" button to the right.
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• From the list, select your OS and Platform.
  
  • 32-bit Select: Windows x86 Offline.
    
  • 64-bit Select: Windows x64.
  
  
• If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.

Go to > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
  
• If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the Java Setup - Welcome window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  
• The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

• Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  
• Click Ok and reboot your computer.

NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy

• Go to Start > Control Panel > Add/Remove Programs
  
• Remove ALL instances of Adobe Reader
  
• Re-boot your computer as required.
  
• Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader

Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  
  
  
  netsvcs
  drivers32
  hklm\software\clients\startmenuinternet|command /rs
  %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  
  
  
  
• Push the button.
  
• A report will open. Copy and Paste that report in your next reply.

NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

This post has been edited by SweetTech: 22 May 2011 - 03:01 PM

As far as I can see, my computer is fine again. Thank you so much!

OTL logfile created on: 5/22/2011 8:47:16 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Sarah\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.04% Memory free
3.74 Gb Paging File | 2.68 Gb Available in Paging File | 71.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 85.52 Gb Free Space | 73.54% Space Free | Partition Type: NTFS
Drive D: | 116.21 Gb Total Space | 97.03 Gb Free Space | 83.50% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SARAH-TOSH | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/22 20:26:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
PRC - [2011/05/17 20:10:55 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/03/29 15:42:22 | 000,280,400 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/20 05:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/08/17 11:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/13 13:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2009/08/12 11:30:42 | 006,203,296 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2009/08/11 12:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/06 15:02:02 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/08/05 15:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 15:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2009/08/05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2009/08/03 18:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 18:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/07 10:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\RSelect\RSelSvc.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2011/05/22 20:26:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
MOD - [2010/11/20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/22 20:28:21 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\swinr.exe -- (swinr)
SRV - [2011/05/21 19:22:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Running] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 15:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 18:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/07 10:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/04/29 12:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/22 20:30:44 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78BD446E-8A3E-436B-A839-3AFA07B0D07A}\MpKsle9a20e04.sys -- (MpKsle9a20e04)
DRV - [2011/05/22 14:54:20 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78BD446E-8A3E-436B-A839-3AFA07B0D07A}\MpKslf8517a43.sys -- (MpKslf8517a43)
DRV - [2010/11/20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/08/13 09:37:00 | 000,376,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/07/30 17:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/24 16:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/07 08:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\FwLnk.sys -- (FwLnk)
DRV - [2009/06/24 18:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/06/22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/04/29 12:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2006/04/10 06:02:18 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yeppo.net

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2011/05/22 20:28:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (TBSB05541 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Veehd Plugin) - {32EA9CD0-5187-4FE3-B989-B4D1408D2802} - C:\Program Files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Veehd Plugin) - {32EA9CD0-5187-4FE3-B989-B4D1408D2802} - C:\Program Files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/22 00:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 20:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/05/22 20:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/05/22 20:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2011/05/22 20:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/05/22 20:43:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/22 20:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/22 20:26:53 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2011/05/22 11:52:57 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Microsoft Help
[2011/05/22 09:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/22 09:41:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/22 09:28:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/22 09:26:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\temp
[2011/05/22 09:16:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/21 22:39:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/05/21 14:34:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\WinZip
[2011/05/21 14:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/05/21 14:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/05/21 14:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/05/20 21:05:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/20 21:05:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/20 21:05:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/20 21:04:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/20 21:04:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/19 19:50:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/17 21:42:33 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/05/17 21:37:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/05/17 21:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/05/17 21:24:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Windows Live
[2011/05/14 17:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\NoVirusThanks
[2011/05/13 22:01:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\DivX
[2011/05/13 22:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/05/13 21:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/05/13 21:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/05/13 21:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Veehd Plugin
[2011/05/08 19:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/05/07 20:13:29 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Electronic Arts
[2011/05/07 20:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/05/07 19:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2011/05/07 19:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2011/05/01 20:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TorrentEasy
[2011/05/01 15:17:59 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\PackageAware
[2011/04/26 13:10:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Synthesia
[2011/04/26 13:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia
[2011/04/26 13:09:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Synthesia Music
[2011/04/26 13:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Synthesia
[2011/04/25 00:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/25 00:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/25 00:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/25 00:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Users\Sarah\AppData\Local\*.tmp files -> C:\Users\Sarah\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/22 20:46:26 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/22 20:45:42 | 000,016,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 20:45:42 | 000,016,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 20:35:08 | 000,630,560 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/22 20:35:08 | 000,111,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/22 20:31:47 | 000,001,378 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/22 20:31:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/22 20:30:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/22 20:30:25 | 1506,795,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/22 20:28:21 | 000,018,944 | ---- | M] () -- C:\Windows\System32\swinr.exe
[2011/05/22 20:28:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/22 20:27:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/22 20:26:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2011/05/22 11:58:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/22 10:29:40 | 000,879,035 | ---- | M] () -- C:\Users\Sarah\Desktop\SecurityCheck.exe
[2011/05/22 09:15:42 | 004,352,705 | R--- | M] () -- C:\Users\Sarah\Desktop\ComboFix.exe
[2011/05/21 22:40:28 | 000,340,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/21 16:40:27 | 000,560,738 | ---- | M] () -- C:\Users\Sarah\Desktop\Chloe_Neill_-_Dark_Elite_01_-_Firespell.pdf
[2011/05/21 14:34:24 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/05/19 20:01:18 | 219,147,647 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/14 17:22:53 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2011/05/08 19:31:13 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/05/07 19:57:25 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011/04/30 21:33:47 | 000,001,152 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/04/26 13:10:28 | 000,001,864 | ---- | M] () -- C:\Users\Sarah\Desktop\Play Synthesia.lnk
[2011/04/25 00:25:36 | 000,002,503 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/25 00:24:37 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/24 15:47:05 | 000,000,534 | ---- | M] () -- C:\Windows\System32\tmp.xml
[1 C:\Users\Sarah\AppData\Local\*.tmp files -> C:\Users\Sarah\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 20:46:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/22 20:46:26 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/22 20:28:21 | 000,018,944 | ---- | C] () -- C:\Windows\System32\swinr.exe
[2011/05/22 11:58:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/22 10:29:34 | 000,879,035 | ---- | C] () -- C:\Users\Sarah\Desktop\SecurityCheck.exe
[2011/05/22 09:15:42 | 004,352,705 | R--- | C] () -- C:\Users\Sarah\Desktop\ComboFix.exe
[2011/05/21 16:40:18 | 000,560,738 | ---- | C] () -- C:\Users\Sarah\Desktop\Chloe_Neill_-_Dark_Elite_01_-_Firespell.pdf
[2011/05/21 14:34:24 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/05/20 21:05:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/20 21:05:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/20 21:05:01 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/20 21:05:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/20 21:05:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/17 21:35:43 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/05/17 21:33:51 | 000,001,287 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/05/17 21:31:41 | 000,001,371 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/05/17 21:30:05 | 000,002,399 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/14 17:22:53 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2011/05/08 19:31:13 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/05/07 19:57:25 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011/04/26 13:09:53 | 000,001,864 | ---- | C] () -- C:\Users\Sarah\Desktop\Play Synthesia.lnk
[2011/04/25 00:24:37 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/15 07:57:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/09/04 17:55:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/09/04 17:55:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/04 10:23:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/27 08:57:38 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/27 08:57:38 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/27 08:57:38 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/27 08:57:38 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,340,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,630,560 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,111,612 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/04/19 18:53:09 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\.anki
[2011/03/06 13:04:46 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\GetRightToGo
[2011/02/12 20:13:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mplayer
[2011/04/20 22:22:39 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Philipp Winterberg
[2011/04/26 13:10:49 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Synthesia
[2011/03/13 10:51:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\The Path
[2011/03/12 15:26:41 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Toshiba
[2011/05/14 21:55:45 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\uTorrent
[2011/05/07 01:07:14 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/22 11:58:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/22 11:58:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/22 11:58:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/22 11:58:30 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/22 11:58:30 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-22 11:00:18

< >

< End of report >


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\System32\mnixl.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sarah\Desktop\cmd.bat deleted successfully.
C:\Users\Sarah\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sarah
->Temp folder emptied: 5682962 bytes
->Temporary Internet Files folder emptied: 65113410 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1790 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 154584 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 68.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sarah
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05222011_202818

Files\Folders moved on Reboot...
File\Folder C:\Users\Sarah\AppData\Local\Temp\~DF3AA71336BF62623C.TMP not found!
File\Folder C:\Users\Sarah\AppData\Local\Temp\~DF657C2B159AA5C712.TMP not found!
File\Folder C:\Users\Sarah\AppData\Local\Temp\~DF94218DC40910FBBA.TMP not found!
File\Folder C:\Users\Sarah\AppData\Local\Temp\~DFC7BEA191FFA252C8.TMP not found!
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZBCBP9AU\Release_My_Darkness_Love[1].htm moved successfully.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZBCBP9AU\search[1].htm moved successfully.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZBCBP9AU\search[2].htm moved successfully.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9T6JI7J\topic397318[2].html moved successfully.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K9MHX9EV\fanfiction42[1].css moved successfully.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K9MHX9EV\search[3].htm moved successfully.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EMPA5ZG4\fanfiction42[1].css moved successfully.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EMPA5ZG4\google_co_uk[1].htm moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 5/22/2011 8:47:16 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Sarah\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 49.04% Memory free
3.74 Gb Paging File | 2.68 Gb Available in Paging File | 71.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 85.52 Gb Free Space | 73.54% Space Free | Partition Type: NTFS
Drive D: | 116.21 Gb Total Space | 97.03 Gb Free Space | 83.50% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SARAH-TOSH | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/22 20:26:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
PRC - [2011/05/17 20:10:55 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/03/29 15:42:22 | 000,280,400 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/20 05:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/08/17 11:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/13 13:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2009/08/12 11:30:42 | 006,203,296 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2009/08/11 12:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/06 15:02:02 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/08/05 15:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 15:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2009/08/05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2009/08/03 18:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 18:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/07 10:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\RSelect\RSelSvc.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2011/05/22 20:26:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
MOD - [2010/11/20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/22 20:28:21 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\swinr.exe -- (swinr)
SRV - [2011/05/21 19:22:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Running] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 15:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 18:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/07 10:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/04/29 12:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/22 20:30:44 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78BD446E-8A3E-436B-A839-3AFA07B0D07A}\MpKsle9a20e04.sys -- (MpKsle9a20e04)
DRV - [2011/05/22 14:54:20 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78BD446E-8A3E-436B-A839-3AFA07B0D07A}\MpKslf8517a43.sys -- (MpKslf8517a43)
DRV - [2010/11/20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/08/13 09:37:00 | 000,376,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/07/30 17:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/24 16:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/07 08:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\FwLnk.sys -- (FwLnk)
DRV - [2009/06/24 18:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/06/22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/04/29 12:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2006/04/10 06:02:18 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yeppo.net

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2011/05/22 20:28:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (TBSB05541 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Veehd Plugin) - {32EA9CD0-5187-4FE3-B989-B4D1408D2802} - C:\Program Files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Veehd Plugin) - {32EA9CD0-5187-4FE3-B989-B4D1408D2802} - C:\Program Files\Veehd Plugin\tbunsxDAD.tmp\tbcore3.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/22 00:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 20:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/05/22 20:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/05/22 20:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2011/05/22 20:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/05/22 20:43:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/22 20:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/22 20:26:53 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2011/05/22 11:52:57 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Microsoft Help
[2011/05/22 09:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/22 09:41:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/22 09:28:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/22 09:26:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\temp
[2011/05/22 09:16:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/21 22:39:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/05/21 14:34:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\WinZip
[2011/05/21 14:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/05/21 14:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/05/21 14:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/05/20 21:05:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/20 21:05:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/20 21:05:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/20 21:04:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/20 21:04:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/19 19:50:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/17 21:42:33 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/05/17 21:37:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/05/17 21:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/05/17 21:24:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Windows Live
[2011/05/14 17:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\NoVirusThanks
[2011/05/13 22:01:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\DivX
[2011/05/13 22:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/05/13 21:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/05/13 21:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/05/13 21:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Veehd Plugin
[2011/05/08 19:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/05/07 20:13:29 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Electronic Arts
[2011/05/07 20:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/05/07 19:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2011/05/07 19:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2011/05/01 20:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TorrentEasy
[2011/05/01 15:17:59 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\PackageAware
[2011/04/26 13:10:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Synthesia
[2011/04/26 13:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia
[2011/04/26 13:09:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Synthesia Music
[2011/04/26 13:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Synthesia
[2011/04/25 00:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/25 00:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/25 00:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/25 00:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Users\Sarah\AppData\Local\*.tmp files -> C:\Users\Sarah\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/22 20:46:26 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/22 20:45:42 | 000,016,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 20:45:42 | 000,016,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 20:35:08 | 000,630,560 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/22 20:35:08 | 000,111,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/22 20:31:47 | 000,001,378 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/22 20:31:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/22 20:30:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/22 20:30:25 | 1506,795,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/22 20:28:21 | 000,018,944 | ---- | M] () -- C:\Windows\System32\swinr.exe
[2011/05/22 20:28:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/22 20:27:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/22 20:26:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2011/05/22 11:58:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/22 10:29:40 | 000,879,035 | ---- | M] () -- C:\Users\Sarah\Desktop\SecurityCheck.exe
[2011/05/22 09:15:42 | 004,352,705 | R--- | M] () -- C:\Users\Sarah\Desktop\ComboFix.exe
[2011/05/21 22:40:28 | 000,340,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/21 16:40:27 | 000,560,738 | ---- | M] () -- C:\Users\Sarah\Desktop\Chloe_Neill_-_Dark_Elite_01_-_Firespell.pdf
[2011/05/21 14:34:24 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/05/19 20:01:18 | 219,147,647 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/14 17:22:53 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2011/05/08 19:31:13 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/05/07 19:57:25 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011/04/30 21:33:47 | 000,001,152 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/04/26 13:10:28 | 000,001,864 | ---- | M] () -- C:\Users\Sarah\Desktop\Play Synthesia.lnk
[2011/04/25 00:25:36 | 000,002,503 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/25 00:24:37 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/24 15:47:05 | 000,000,534 | ---- | M] () -- C:\Windows\System32\tmp.xml
[1 C:\Users\Sarah\AppData\Local\*.tmp files -> C:\Users\Sarah\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 20:46:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/22 20:46:26 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/22 20:28:21 | 000,018,944 | ---- | C] () -- C:\Windows\System32\swinr.exe
[2011/05/22 11:58:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/22 10:29:34 | 000,879,035 | ---- | C] () -- C:\Users\Sarah\Desktop\SecurityCheck.exe
[2011/05/22 09:15:42 | 004,352,705 | R--- | C] () -- C:\Users\Sarah\Desktop\ComboFix.exe
[2011/05/21 16:40:18 | 000,560,738 | ---- | C] () -- C:\Users\Sarah\Desktop\Chloe_Neill_-_Dark_Elite_01_-_Firespell.pdf
[2011/05/21 14:34:24 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/05/20 21:05:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/20 21:05:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/20 21:05:01 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/20 21:05:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/20 21:05:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/17 21:35:43 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/05/17 21:33:51 | 000,001,287 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/05/17 21:31:41 | 000,001,371 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/05/17 21:30:05 | 000,002,399 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/14 17:22:53 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2011/05/08 19:31:13 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/05/07 19:57:25 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011/04/26 13:09:53 | 000,001,864 | ---- | C] () -- C:\Users\Sarah\Desktop\Play Synthesia.lnk
[2011/04/25 00:24:37 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/15 07:57:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/09/04 17:55:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/09/04 17:55:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/04 10:23:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/27 08:57:38 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/27 08:57:38 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/27 08:57:38 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/27 08:57:38 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,340,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,630,560 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,111,612 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/04/19 18:53:09 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\.anki
[2011/03/06 13:04:46 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\GetRightToGo
[2011/02/12 20:13:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mplayer
[2011/04/20 22:22:39 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Philipp Winterberg
[2011/04/26 13:10:49 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Synthesia
[2011/03/13 10:51:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\The Path
[2011/03/12 15:26:41 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Toshiba
[2011/05/14 21:55:45 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\uTorrent
[2011/05/07 01:07:14 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/22 11:58:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/22 11:58:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/22 11:58:28 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/22 11:58:30 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/22 11:58:30 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-22 11:00:18

< >

< End of report >

Hi!

Please upload a file to VirusTotal for me, and post back the results.

VirusTotal File Scan
Please go to: VirusTotal

• Click the Browse button and search for the following file: C:\Windows\System32\swinr.exe
  
• Click Open
  
• Then click Send File
  
• Please be patient while the file is scanned.
  
• Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply