Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help required with PreInstalled items


  • This topic is locked This topic is locked
42 replies to this topic

#1 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:38 AM

Posted 11 March 2011 - 07:05 PM

Hi - A brief outline of my reason for this post -
Some problems have appeared in the last week that may require an expert to review my system -
These have included, Internet connection dropouts (ISP connection is OK, as my XP has had no problems) and failure to enable Microsoft updates to Win7 SP1 -
An antivirus scan by Avira AntiVir takes about 35 mins although I have 453GB total space and I have 419GB of free space -
This "may or may not" contain Malware, but I think I need expert help with removal of Bulk amounts of pre-installed software -
I have posted here as I thought an expert may help to review the installed items that may not be required, as well as checking for infections -
Chkdsk /r was run last week along with ESET online scans, but the problems with Internet occured after those were run -

Thank You -

Logs as requested DDS and GMER -
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by John at 10:22:34.31 on 12/03/11
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3062.1618 [GMT 11:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\John\Desktop\dds.scr
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [<NO NAME>]
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {03C603A8-B176-453F-901C-00B9203A063B} = 198.142.0.51 61.88.88.88
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-12 172032]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-5 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-5 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-5 61960]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-10-28 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-2-12 13336]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-9-29 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-2-12 2314240]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-8-18 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-12 230912]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-2-12 862208]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-2-12 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-11-6 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-10-31 677232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-8-20 180736]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
S3 Partner Service;Partner Service;c:\programdata\partner\Partner.exe [2010-2-12 332272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-12 174592]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-21 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-03-10 09:07:19 -------- d-----w- c:\progra~2\abelhadigital.com
2011-03-10 09:07:04 -------- d-----w- c:\users\john\appdata\roaming\abelhadigital.com
2011-03-08 05:49:42 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{78daf75b-6ab7-45aa-9c35-763932524a60}\mpengine.dll
2011-02-24 02:10:48 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-24 00:25:09 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-24 00:25:09 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-18 10:36:49 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2011-02-02 06:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 10:22:56.09 ===============


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-12 10:22:00
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GC00
Running: gmer.exe; Driver: C:\Users\John\AppData\Local\Temp\pwlyiaow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83086589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830AB092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8BB48000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8BB8D000, 0x3DC, 0x48000040]
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91C16000, 0x2DED1E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!CreateDialogParamW 77319BFF 5 Bytes JMP 6B4BC570 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!EnableWindow 7731A72E 5 Bytes JMP 6B4BC4EB C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!GetAsyncKeyState 7731C09A 5 Bytes JMP 6B47D6E9 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!UnhookWindowsHookEx 7731CC7B 5 Bytes JMP 6B5783A2 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!CallNextHookEx 7731CC8F 5 Bytes JMP 6B559D8C C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!CreateWindowExW 77320E51 5 Bytes JMP 6B56818F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!SetWindowsHookExW 7732210A 5 Bytes JMP 6B514643 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!GetKeyState 77324FDA 5 Bytes JMP 6B4BD762 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!IsDialogMessageW 77326F06 5 Bytes JMP 6B484284 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!CreateDialogParamA 77333E79 5 Bytes JMP 6B690A5E C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!IsDialogMessage 7733407A 5 Bytes JMP 6B6902FF C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!CreateDialogIndirectParamA 77339110 5 Bytes JMP 6B690A95 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!CreateDialogIndirectParamW 773408AD 5 Bytes JMP 6B690ACC C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!DialogBoxIndirectParamW 77344AA7 5 Bytes JMP 6B68FE68 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!EndDialog 7734555C 5 Bytes JMP 6B485AE9 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!DialogBoxParamW 7734564A 5 Bytes JMP 6B484BA7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!SetKeyboardState 77346B52 5 Bytes JMP 6B690664 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!SendInput 77347055 5 Bytes JMP 6B691228 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!SetCursorPos 7735C1D8 5 Bytes JMP 6B691280 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!DialogBoxParamA 7735CF6A 5 Bytes JMP 6B68FE05 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!DialogBoxIndirectParamA 7735D29C 5 Bytes JMP 6B68FECB C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!MessageBoxIndirectA 7736E8C9 5 Bytes JMP 6B68FD9A C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!MessageBoxIndirectW 7736E9C3 5 Bytes JMP 6B68FD2F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!MessageBoxExA 7736EA29 5 Bytes JMP 6B68FCCD C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!MessageBoxExW 7736EA4D 5 Bytes JMP 6B68FC6B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] USER32.dll!keybd_event 7736EC9B 5 Bytes JMP 6B6915B3 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] SHELL32.dll!SHChangeNotification_Lock + 45BA 7675B440 4 Bytes [11, 36, 11, 6A]
.text C:\Program Files\Internet Explorer\iexplore.exe[968] SHELL32.dll!SHChangeNotification_Lock + 45C2 7675B448 8 Bytes [5F, 35, 11, 6A, D0, 73, 10, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[968] ole32.dll!OleLoadFromStream 75D75BF6 5 Bytes JMP 6B6901BB C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[968] ole32.dll!CoCreateInstance 75DC590C 5 Bytes JMP 6B568C7D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!CreateWindowExW 77320E51 5 Bytes JMP 6B56818F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!DialogBoxIndirectParamW 77344AA7 5 Bytes JMP 6B68FE68 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!DialogBoxParamW 7734564A 5 Bytes JMP 6B484BA7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!DialogBoxParamA 7735CF6A 5 Bytes JMP 6B68FE05 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!DialogBoxIndirectParamA 7735D29C 5 Bytes JMP 6B68FECB C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!MessageBoxIndirectA 7736E8C9 5 Bytes JMP 6B68FD9A C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!MessageBoxIndirectW 7736E9C3 5 Bytes JMP 6B68FD2F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!MessageBoxExA 7736EA29 5 Bytes JMP 6B68FCCD C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!MessageBoxExW 7736EA4D 5 Bytes JMP 6B68FC6B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 524288 bytes

---- EOF - GMER 1.0.15 ----




BC AdBot (Login to Remove)

 


#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:38 PM

Posted 17 March 2011 - 06:59 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:38 AM

Posted 17 March 2011 - 08:56 AM

As requested , running Windows7 on a Toshiba Satellite Laptop -
No Install CDs were supplied with the computer as it was preinstalled and purchased from a large dealer -
To 'fix' the internet problems I was having , I needed to do a system restore - So I do not know if the problem was solved -
I still cannot update to Windows7 SP1 ? ? for unknown reasons - There have been many attempts -

Thank You -

Updated DDS and GMER logs -
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by John at 23:09:19.36 on 17/03/11
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3062.2161 [GMT 11:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskeng.exe
C:\windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\John\Desktop\dds.scr
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [<NO NAME>]
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {03C603A8-B176-453F-901C-00B9203A063B} = 198.142.0.51 61.88.88.88
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-12 172032]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-5 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-5 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-5 61960]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-2-12 13336]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-9-29 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-8-18 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-12 230912]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-2-12 862208]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-2-12 51512]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-10-28 185712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-2-12 2314240]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-8-20 180736]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
S3 Partner Service;Partner Service;c:\programdata\partner\Partner.exe [2010-2-12 332272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-12 174592]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-11-6 111960]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-10-31 677232]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-21 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-03-10 09:07:19 -------- d-----w- c:\progra~2\abelhadigital.com
2011-03-10 09:07:04 -------- d-----w- c:\users\john\appdata\roaming\abelhadigital.com
2011-03-08 05:49:42 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{78daf75b-6ab7-45aa-9c35-763932524a60}\mpengine.dll
2011-02-24 02:10:48 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-24 00:25:09 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-24 00:25:09 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-18 10:36:49 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2011-02-02 06:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 23:10:27.69 ===============


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-18 00:28:08
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GC00
Running: gmer.exe; Driver: C:\Users\John\AppData\Local\Temp\pwlyiaow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83094589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B9092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8BB46000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8BB8B000, 0x3DC, 0x48000040]
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91C40000, 0x2DED1E, 0xE8000020]
? C:\Users\John\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#4 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:38 AM

Posted 17 March 2011 - 05:52 PM

http://speccy.piriform.com/results/yx7rrMDnUwffAJljQ9nCpBa
Snapshot from Speccy for details of computer
It appears that Windows7 SP1 may have at last installed -

Edited by noknojon, 18 March 2011 - 04:40 AM.


#5 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:38 AM

Posted 18 March 2011 - 04:37 AM

DDS and Attach latest


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by John at 20:24:50.28 on 18/03/11
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3062.1828 [GMT 11:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\System32\alg.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\John\Desktop\dds.scr
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [<NO NAME>]
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {03C603A8-B176-453F-901C-00B9203A063B} = 198.142.0.51 61.88.88.88
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-12 172032]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-5 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-5 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-5 61960]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-10-28 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-2-12 13336]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-9-29 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-2-12 2314240]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-8-18 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-12 230912]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-2-12 862208]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-2-12 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-11-6 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-10-31 677232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-8-20 180736]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
S3 Partner Service;Partner Service;c:\programdata\partner\Partner.exe [2010-2-12 332272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-12 174592]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-21 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-03-18 07:09:52 -------- d-----w- c:\users\john\appdata\roaming\ieSpell
2011-03-18 06:50:10 -------- d-----w- c:\program files\ieSpell
2011-03-10 09:07:19 -------- d-----w- c:\progra~2\abelhadigital.com
2011-03-10 09:07:04 -------- d-----w- c:\users\john\appdata\roaming\abelhadigital.com
2011-03-08 05:49:42 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{78daf75b-6ab7-45aa-9c35-763932524a60}\mpengine.dll
2011-02-24 02:10:48 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-24 00:25:09 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-24 00:25:09 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-18 10:36:49 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2011-02-02 06:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
.
============= FINISH: 20:25:10.25 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 18/08/10 11:59:45 AM
System Uptime: 18/03/11 5:23:53 PM (3 hours ago)
.
Motherboard: TOSHIBA | | NSWAA
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz | CPU | 2133/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 418.444 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP106: 20/02/11 9:13:08 AM - Windows Update
RP107: 22/02/11 7:25:18 PM - Windows Update
RP108: 24/02/11 1:10:34 PM - Windows Update
RP109: 27/02/11 9:43:22 AM - Windows Update
RP110: 01/03/11 8:48:25 PM - Windows Update
RP111: 05/03/11 10:53:33 AM - Windows Update
RP112: 08/03/11 4:49:27 PM - Windows Update
RP113: 10/03/11 7:24:24 AM - Installed Java™ 6 Update 24
RP114: 12/03/11 12:07:38 AM - Restore Operation
RP115: 12/03/11 9:39:32 AM - Removed Java™ 6 Update 23
RP116: 12/03/11 9:43:29 AM - Removed Skype Toolbars
.
==== Installed Programs ======================
.
2007 Microsoft Office system
500 From Special K
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
Bejeweled 2 Deluxe 1.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
CueClub
D3DX10
Direct DiscRecorder
DVD MovieFactory for TOSHIBA
ESET Online Scanner v3
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
HostsMan 3.2.73
ieSpell
ImgBurn
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java™ SE Development Kit 6 Update 21
Junk Mail filter update
Malwarebytes' Anti-Malware
Masque Casino Game Pak II
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
OGA Notifier 2.0.0048.0
Optus Wireless Broadband
Orca Browser
PlayReady PC Runtime x86
PokerTH
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Reel Deal Slots - Nickels and More
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 4.2
Speccy
SpeedFan (remove only)
SUPERAntiSpyware
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2492475)
Update Installer for WildTangent Games App
Utility Common Driver
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
18/03/11 5:24:26 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
18/03/11 5:24:26 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.3, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
17/03/11 11:17:46 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume S3A8422D005.
12/03/11 8:17:15 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
12/03/11 12:10:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UNS service.
12/03/11 12:09:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
12/03/11 12:09:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
12/03/11 12:08:33 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
12/03/11 12:01:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
12/03/11 12:01:29 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.152.161, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
11/03/11 9:23:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wecsvc service.
11/03/11 9:23:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TapiSrv service.
11/03/11 9:22:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
11/03/11 8:12:43 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
11/03/11 11:26:22 PM, Error: Service Control Manager [7022] - The Avira AntiVir Guard service hung on starting.
11/03/11 1:29:05 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
11/03/11 1:10:46 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================




#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 22 March 2011 - 05:39 PM

Hello, noknojon.

My name is etavares and I will be helping you with this log. I'm really sorry for the delay, but you have me dedicated to your thread now. You can expect a reply a day at a minimum.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!






Registry Cleaner Warning


I also see that you have a Ccleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning), Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit wont' help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578



Step 1

We'll look for TDSS. Your GMER log doesn't show it, but you have had a few hard drive errors, including one with a file that can be related to TDSS infections, so we'll take a look.

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#7 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:38 AM

Posted 22 March 2011 - 10:20 PM

Hi etavares -
Please find TDSS log and MBAM logs as requested -
Note : MBAM is always on my computers (and updated), as I also have over 5,000 posts at the MBAM forum over several years -
Thanking you for any insight into my computer -

2011/03/23 14:08:48.0894 0724 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/23 14:08:49.0399 0724 ================================================================================
2011/03/23 14:08:49.0399 0724 SystemInfo:
2011/03/23 14:08:49.0399 0724
2011/03/23 14:08:49.0399 0724 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/23 14:08:49.0399 0724 Product type: Workstation
2011/03/23 14:08:49.0399 0724 ComputerName: OCEANGROVE
2011/03/23 14:08:49.0400 0724 UserName: John
2011/03/23 14:08:49.0400 0724 Windows directory: C:\windows
2011/03/23 14:08:49.0400 0724 System windows directory: C:\windows
2011/03/23 14:08:49.0400 0724 Processor architecture: Intel x86
2011/03/23 14:08:49.0400 0724 Number of processors: 4
2011/03/23 14:08:49.0400 0724 Page size: 0x1000
2011/03/23 14:08:49.0400 0724 Boot type: Normal boot
2011/03/23 14:08:49.0400 0724 ================================================================================
2011/03/23 14:08:49.0681 0724 Initialize success
2011/03/23 14:09:04.0967 4312 ================================================================================
2011/03/23 14:09:04.0967 4312 Scan started
2011/03/23 14:09:04.0967 4312 Mode: Manual;
2011/03/23 14:09:04.0967 4312 ================================================================================
2011/03/23 14:09:05.0577 4312 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/03/23 14:09:05.0716 4312 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/03/23 14:09:05.0846 4312 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/03/23 14:09:05.0992 4312 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/03/23 14:09:06.0150 4312 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/03/23 14:09:06.0284 4312 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/03/23 14:09:06.0437 4312 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/03/23 14:09:06.0615 4312 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
2011/03/23 14:09:06.0723 4312 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/03/23 14:09:06.0865 4312 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/03/23 14:09:07.0065 4312 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/03/23 14:09:07.0212 4312 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/03/23 14:09:07.0322 4312 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/03/23 14:09:07.0442 4312 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/03/23 14:09:07.0554 4312 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/03/23 14:09:07.0670 4312 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/03/23 14:09:07.0792 4312 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/03/23 14:09:07.0896 4312 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/03/23 14:09:08.0082 4312 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/03/23 14:09:08.0219 4312 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/03/23 14:09:08.0320 4312 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/03/23 14:09:08.0439 4312 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/03/23 14:09:08.0558 4312 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/03/23 14:09:08.0863 4312 atikmdag (a12b4aa7f1294f065a03fba79de29e5a) C:\windows\system32\DRIVERS\atikmdag.sys
2011/03/23 14:09:09.0022 4312 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\windows\system32\DRIVERS\avgntflt.sys
2011/03/23 14:09:09.0166 4312 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\windows\system32\DRIVERS\avipbb.sys
2011/03/23 14:09:09.0310 4312 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/03/23 14:09:09.0432 4312 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/03/23 14:09:09.0549 4312 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/03/23 14:09:09.0678 4312 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/03/23 14:09:09.0794 4312 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2011/03/23 14:09:09.0896 4312 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/03/23 14:09:09.0996 4312 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/03/23 14:09:10.0114 4312 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/03/23 14:09:10.0222 4312 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/03/23 14:09:10.0343 4312 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/03/23 14:09:10.0442 4312 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/03/23 14:09:10.0536 4312 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/03/23 14:09:10.0666 4312 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/03/23 14:09:10.0793 4312 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/03/23 14:09:10.0914 4312 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/03/23 14:09:11.0016 4312 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/03/23 14:09:11.0154 4312 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/03/23 14:09:11.0255 4312 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/03/23 14:09:11.0379 4312 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/03/23 14:09:11.0497 4312 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/03/23 14:09:11.0606 4312 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/03/23 14:09:11.0717 4312 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/03/23 14:09:11.0861 4312 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/03/23 14:09:11.0977 4312 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/03/23 14:09:12.0091 4312 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/03/23 14:09:12.0233 4312 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/03/23 14:09:12.0345 4312 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
2011/03/23 14:09:12.0573 4312 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/03/23 14:09:12.0723 4312 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/03/23 14:09:12.0837 4312 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/03/23 14:09:13.0001 4312 ewusbnet (01fd440c181c2e2f993ccf7b677701e8) C:\windows\system32\DRIVERS\ewusbnet.sys
2011/03/23 14:09:13.0124 4312 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/03/23 14:09:13.0238 4312 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/03/23 14:09:13.0355 4312 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/03/23 14:09:13.0477 4312 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/03/23 14:09:13.0572 4312 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/03/23 14:09:13.0685 4312 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/03/23 14:09:13.0795 4312 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/03/23 14:09:13.0926 4312 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/03/23 14:09:14.0048 4312 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys
2011/03/23 14:09:14.0159 4312 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/03/23 14:09:14.0285 4312 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/03/23 14:09:14.0395 4312 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/03/23 14:09:14.0551 4312 giveio (77ebf3e9386daa51551af429052d88d0) C:\windows\system32\giveio.sys
2011/03/23 14:09:14.0726 4312 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/03/23 14:09:14.0847 4312 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/03/23 14:09:14.0961 4312 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/03/23 14:09:15.0079 4312 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
2011/03/23 14:09:15.0186 4312 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/03/23 14:09:15.0283 4312 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/03/23 14:09:15.0411 4312 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/03/23 14:09:15.0544 4312 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/03/23 14:09:15.0682 4312 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/03/23 14:09:15.0808 4312 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/03/23 14:09:15.0953 4312 hwdatacard (988c0a49f09d75d3341cb419141793c1) C:\windows\system32\DRIVERS\ewusbmdm.sys
2011/03/23 14:09:16.0053 4312 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/03/23 14:09:16.0191 4312 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/03/23 14:09:16.0298 4312 iaStor (d5edb998656e6ecf1a17c78dab019a3c) C:\windows\system32\DRIVERS\iaStor.sys
2011/03/23 14:09:16.0440 4312 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/03/23 14:09:16.0581 4312 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/03/23 14:09:16.0771 4312 IntcAzAudAddService (810ad686e0c342817b24a631f734850c) C:\windows\system32\drivers\RTKVHDA.sys
2011/03/23 14:09:16.0894 4312 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/03/23 14:09:17.0002 4312 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/03/23 14:09:17.0125 4312 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/03/23 14:09:17.0246 4312 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/03/23 14:09:17.0356 4312 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/03/23 14:09:17.0476 4312 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/03/23 14:09:17.0591 4312 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/03/23 14:09:17.0689 4312 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/03/23 14:09:17.0805 4312 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/03/23 14:09:17.0924 4312 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/03/23 14:09:18.0038 4312 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/03/23 14:09:18.0155 4312 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/03/23 14:09:18.0311 4312 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/03/23 14:09:18.0476 4312 LPCFilter (6adab14d7ad12b35bdc665b35278099b) C:\windows\system32\DRIVERS\LPCFilter.sys
2011/03/23 14:09:18.0612 4312 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/03/23 14:09:18.0731 4312 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/03/23 14:09:18.0850 4312 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/03/23 14:09:18.0973 4312 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/03/23 14:09:19.0085 4312 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/03/23 14:09:19.0212 4312 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/03/23 14:09:19.0331 4312 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/03/23 14:09:19.0444 4312 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/03/23 14:09:19.0561 4312 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/03/23 14:09:19.0676 4312 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/03/23 14:09:19.0801 4312 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/03/23 14:09:19.0912 4312 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/03/23 14:09:20.0009 4312 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/03/23 14:09:20.0108 4312 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/03/23 14:09:20.0218 4312 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/03/23 14:09:20.0331 4312 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/03/23 14:09:20.0441 4312 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/03/23 14:09:20.0537 4312 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/03/23 14:09:20.0647 4312 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/03/23 14:09:20.0768 4312 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/03/23 14:09:20.0897 4312 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/03/23 14:09:20.0998 4312 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/03/23 14:09:21.0095 4312 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/03/23 14:09:21.0232 4312 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/03/23 14:09:21.0356 4312 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/03/23 14:09:21.0470 4312 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/03/23 14:09:21.0579 4312 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/03/23 14:09:21.0686 4312 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/03/23 14:09:21.0812 4312 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/03/23 14:09:21.0908 4312 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/03/23 14:09:22.0014 4312 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/03/23 14:09:22.0142 4312 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/03/23 14:09:22.0262 4312 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/03/23 14:09:22.0383 4312 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/03/23 14:09:22.0496 4312 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/03/23 14:09:22.0621 4312 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/03/23 14:09:22.0747 4312 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/03/23 14:09:22.0865 4312 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/03/23 14:09:22.0997 4312 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/03/23 14:09:23.0104 4312 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/03/23 14:09:23.0241 4312 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/03/23 14:09:23.0379 4312 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/03/23 14:09:23.0484 4312 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/03/23 14:09:23.0628 4312 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/03/23 14:09:23.0741 4312 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/03/23 14:09:23.0866 4312 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2011/03/23 14:09:23.0973 4312 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2011/03/23 14:09:24.0091 4312 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/03/23 14:09:24.0222 4312 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/03/23 14:09:24.0361 4312 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/03/23 14:09:24.0466 4312 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/03/23 14:09:24.0581 4312 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/03/23 14:09:24.0714 4312 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/03/23 14:09:24.0829 4312 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/03/23 14:09:24.0951 4312 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/03/23 14:09:25.0055 4312 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/03/23 14:09:25.0166 4312 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/03/23 14:09:25.0305 4312 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
2011/03/23 14:09:25.0464 4312 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/03/23 14:09:25.0566 4312 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/03/23 14:09:25.0711 4312 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/03/23 14:09:25.0853 4312 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/03/23 14:09:25.0968 4312 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/03/23 14:09:26.0072 4312 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/03/23 14:09:26.0184 4312 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/03/23 14:09:26.0297 4312 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/03/23 14:09:26.0417 4312 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/03/23 14:09:26.0558 4312 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/03/23 14:09:26.0688 4312 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/03/23 14:09:26.0809 4312 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/03/23 14:09:26.0920 4312 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/03/23 14:09:27.0016 4312 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/03/23 14:09:27.0126 4312 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/03/23 14:09:27.0244 4312 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/03/23 14:09:27.0353 4312 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/03/23 14:09:27.0473 4312 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/03/23 14:09:27.0637 4312 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/03/23 14:09:27.0758 4312 RSUSBSTOR (83f7a29b659771e60cd71999ef57aa0c) C:\windows\system32\Drivers\RtsUStor.sys
2011/03/23 14:09:27.0889 4312 RTHDMIAzAudService (72a5515a2031d458dd38e9336594184b) C:\windows\system32\drivers\RtHDMIV.sys
2011/03/23 14:09:28.0005 4312 RTL8167 (bcebd5d1aabce4efb7597635e347c44b) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/03/23 14:09:28.0144 4312 rtl8192se (44b7739f2d623ad6fb46755bb60351a4) C:\windows\system32\DRIVERS\rtl8192se.sys
2011/03/23 14:09:28.0266 4312 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/23 14:09:28.0378 4312 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/03/23 14:09:28.0505 4312 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/03/23 14:09:28.0638 4312 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/03/23 14:09:28.0764 4312 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/03/23 14:09:28.0989 4312 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/03/23 14:09:29.0102 4312 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/03/23 14:09:29.0206 4312 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/03/23 14:09:29.0341 4312 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/03/23 14:09:29.0441 4312 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/03/23 14:09:29.0547 4312 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/03/23 14:09:29.0653 4312 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/03/23 14:09:29.0787 4312 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/03/23 14:09:29.0902 4312 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/03/23 14:09:30.0007 4312 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/03/23 14:09:30.0127 4312 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/03/23 14:09:30.0268 4312 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\windows\system32\speedfan.sys
2011/03/23 14:09:30.0374 4312 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/03/23 14:09:30.0523 4312 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys
2011/03/23 14:09:30.0641 4312 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys
2011/03/23 14:09:30.0760 4312 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys
2011/03/23 14:09:30.0907 4312 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
2011/03/23 14:09:31.0005 4312 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/03/23 14:09:31.0121 4312 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/03/23 14:09:31.0252 4312 SynTP (6da97d6b6de6326eba8ab8291ab41a09) C:\windows\system32\DRIVERS\SynTP.sys
2011/03/23 14:09:31.0425 4312 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/03/23 14:09:31.0580 4312 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/03/23 14:09:31.0676 4312 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/03/23 14:09:31.0777 4312 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/03/23 14:09:31.0869 4312 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/03/23 14:09:31.0970 4312 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/03/23 14:09:32.0062 4312 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/03/23 14:09:32.0156 4312 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/03/23 14:09:32.0313 4312 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
2011/03/23 14:09:32.0434 4312 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/03/23 14:09:32.0544 4312 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/03/23 14:09:32.0667 4312 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/03/23 14:09:32.0785 4312 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
2011/03/23 14:09:32.0874 4312 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/03/23 14:09:32.0969 4312 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2011/03/23 14:09:33.0099 4312 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/03/23 14:09:33.0198 4312 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/03/23 14:09:33.0284 4312 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/03/23 14:09:33.0389 4312 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/03/23 14:09:33.0481 4312 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/03/23 14:09:33.0576 4312 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/03/23 14:09:33.0678 4312 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/03/23 14:09:33.0775 4312 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/03/23 14:09:33.0878 4312 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/03/23 14:09:33.0980 4312 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
2011/03/23 14:09:34.0085 4312 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/03/23 14:09:34.0190 4312 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/03/23 14:09:34.0301 4312 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/03/23 14:09:34.0427 4312 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/03/23 14:09:34.0554 4312 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/03/23 14:09:34.0653 4312 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/03/23 14:09:34.0751 4312 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/03/23 14:09:34.0859 4312 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/03/23 14:09:34.0949 4312 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/03/23 14:09:35.0041 4312 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/03/23 14:09:35.0136 4312 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/03/23 14:09:35.0229 4312 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/03/23 14:09:35.0328 4312 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/03/23 14:09:35.0446 4312 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/03/23 14:09:35.0570 4312 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/03/23 14:09:35.0671 4312 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/03/23 14:09:35.0776 4312 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/03/23 14:09:35.0833 4312 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/03/23 14:09:35.0933 4312 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/03/23 14:09:35.0953 4312 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/03/23 14:09:36.0093 4312 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/03/23 14:09:36.0214 4312 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/03/23 14:09:36.0370 4312 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/03/23 14:09:36.0469 4312 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/03/23 14:09:36.0633 4312 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/03/23 14:09:36.0769 4312 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/03/23 14:09:36.0894 4312 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/03/23 14:09:37.0004 4312 ================================================================================
2011/03/23 14:09:37.0004 4312 Scan finished
2011/03/23 14:09:37.0004 4312 ================================================================================


Updated MBAM logs

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6137

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/03/11 2:07:08 PM
mbam-log-2011-03-23 (14-07-08).txt

Scan type: Quick scan
Objects scanned: 149609
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thank You -

EDIT -
Note that CCleaner is not set to work on any regestry items - That area is fully unticked -
It is only used cleaning for Temp files -

Edited by noknojon, 23 March 2011 - 03:11 PM.


#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 23 March 2011 - 05:27 PM

Hello, noknojon.

OK, that's good to know. I don't think you have active malware.

You mentioned you had no issues with "your XP". Do you mean another computer? Or is this one a dual boot with multiple operating systems on it?

Let's do some maintenance items and find out a bit more information.



Step 1


You currently have two active anti-spyware programs. I recommend only one, otherwise they could conflict causing false positives, errors and general slowdowns.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}


I would recommend to turn off Windows Defender and keep AntiVir as AntiVir also is an antivirus.





Step 2


This Java development kit is outdated. The current version is 24. I do recommend to uninstall this and update to version 24.

Java™ SE Development Kit 6 Update 21




Step 3


You mentioned you ran chkdsk. Was it because of this error?

17/03/11 11:17:46 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume S3A8422D005


What did you find when you ran chkdsk? Have you had any errors like this since?



Step 4


You also mentioned being unable to install SP1 on this machine. Do you get any specific error? To find out if you can't remember, go to The Windows Orb button --> type Windows Update, select it from the list that pops up, click VIew Update History on the left, find Windows 7 Service Pack 1 in the list, right-click on it and select Copy Details and paste the details in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#9 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:38 AM

Posted 24 March 2011 - 04:11 AM

Hi again -
The Xp I refer to is my desktop about 4 years old - My Win 7 is a laptop about 6 months old -

2011-03-10 09:07:19 -------- d-----w- c:\progra~2\abelhadigital.com
2011-03-10 09:07:04 -------- d-----w- c:\users\john\appdata\roaming\abelhadigital.com
This was about the time that I had the internet problems I mentioned -

Re Failures on SP1 updates -
Details on Win7 SP1 update -
05/03/11: Windows 7 Service Pack 1 (KB976932)05/03/11: Windows 7 Service Pack 1 (KB976932)05/03/11: Windows 7 Service Pack 1 (KB976932)05/03/11:
Windows 7 Service Pack 1 (KB976932)05/03/11: Windows 7 Service Pack 1 (KB976932)04/03/11: Definition Update for Windows Defender - KB915597
(Definition 02/03/11: Windows 7 Service Pack 1 (KB976932)02/03/11: Windows 7 Service Pack 1 (KB976932)
Windows 7 Service Pack 1 (KB976932)

Installation date: ‎05/‎03/‎11 10:09 PM

Installation status: Failed

Error details: Code 8024402C

Update type: Important

Windows 7 Service Pack 1 is a recommended collection of updates and improvements to Windows that are combined into a single installable update.
The service pack can help make your computer safer and more reliable.
A typical installation will take about 30 minutes to complete, and you will have to restart your computer about halfway through the process.

More information:
http://go.microsoft.com/fwlink/?LinkId=206783

Help and Support:
http://go.microsoft.com/fwlink/?LinkId=206784


SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
This should now be disabled -



17/03/11 11:17:46 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume S3A8422D005
Yes - This message is why I ran chkdsk /r - No errors reported but the scan was slow -


RP113: 10/03/11 7:24:24 AM - Installed Java™ 6 Update 24
RP114: 12/03/11 12:07:38 AM - Restore Operation
RP115: 12/03/11 9:39:32 AM - Removed Java™ 6 Update 23

I Thought Java was updated (see above) but I will re check and reinstall Java -

Thank you -

Edited by noknojon, 24 March 2011 - 04:55 AM.


#10 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:38 AM

Posted 24 March 2011 - 04:46 AM

Hi -
New DDS log -
Should show that the basics have been attended to , plus a few items Highlighted (RED) as unknown / unwanted ? ?
.

DDS (Ver_11-03-05.01) - NTFSx86
Run by John at 20:32:13.54 on 24/03/11
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3062.1833 [GMT 11:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Now disabled -
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\msiexec.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\John\Desktop\dds.scr
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File ? ? Unknown
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File ? ? Unknown
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [<NO NAME>] ? ? Unknown
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {03C603A8-B176-453F-901C-00B9203A063B} = 211.29.132.12 61.88.88.88
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-12 172032]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-5 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-5 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-5 61960]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-10-28 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-2-12 13336]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-9-29 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-2-12 2314240]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-8-18 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-12 230912]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-2-12 862208]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-2-12 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-11-6 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-10-31 677232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-8-20 180736]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
S3 Partner Service;Partner Service;c:\programdata\partner\Partner.exe [2010-2-12 332272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-12 174592]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-21 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-03-18 07:09:52 -------- d-----w- c:\users\john\appdata\roaming\ieSpell
2011-03-18 06:50:10 -------- d-----w- c:\program files\ieSpell
2011-03-10 09:07:19 -------- d-----w- c:\progra~2\abelhadigital.com
2011-03-10 09:07:04 -------- d-----w- c:\users\john\appdata\roaming\abelhadigital.com
2011-03-08 05:49:42 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{78daf75b-6ab7-45aa-9c35-763932524a60}\mpengine.dll
2011-02-24 02:10:48 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-24 00:25:09 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-24 00:25:09 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
.
==================== Find3M ====================
.
2011-03-24 09:24:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 06:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:32:30.23 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 18/08/10 11:59:45 AM
System Uptime: 24/03/11 5:12:38 PM (3 hours ago)
.
Motherboard: TOSHIBA | | NSWAA
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz | CPU | 2133/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 419.344 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP108: 24/02/11 1:10:34 PM - Windows Update
RP109: 27/02/11 9:43:22 AM - Windows Update
RP110: 01/03/11 8:48:25 PM - Windows Update
RP111: 05/03/11 10:53:33 AM - Windows Update
RP112: 08/03/11 4:49:27 PM - Windows Update
RP113: 10/03/11 7:24:24 AM - Installed Java™ 6 Update 24
RP114: 12/03/11 12:07:38 AM - Restore Operation - - This was how I fixed the internet problems -
RP115: 12/03/11 9:39:32 AM - Removed Java™ 6 Update 23
RP116: 12/03/11 9:43:29 AM - Removed Skype Toolbars
RP117: 19/03/11 11:14:07 AM - Scheduled Checkpoint
RP118: 24/03/11 8:17:56 PM - Removed Java™ SE Development Kit 6 Update 21
RP119: 24/03/11 8:19:02 PM - Removed Java™ SE Development Kit 6 Update 21
RP120: 24/03/11 8:19:27 PM - Removed Java™ SE Development Kit 6 Update 21
RP121: 24/03/11 8:24:44 PM - Installed Java™ 6 Update 24 Now Updated ! !
.
==== Installed Programs ======================
.
2007 Microsoft Office system
500 From Special K
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
Bejeweled 2 Deluxe 1.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
CueClub
D3DX10
Direct DiscRecorder
DVD MovieFactory for TOSHIBA
ESET Online Scanner v3
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
HostsMan 3.2.73
ieSpell
ImgBurn
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 24 - Now updated
Junk Mail filter update
Malwarebytes' Anti-Malware
Masque Casino Game Pak II
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
OGA Notifier 2.0.0048.0
Optus Wireless Broadband
Orca Browser
PlayReady PC Runtime x86
PokerTH
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Reel Deal Slots - Nickels and More
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 4.2
Speccy
SpeedFan (remove only)
SUPERAntiSpyware
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2492475)
Update Installer for WildTangent Games App
Utility Common Driver
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
24/03/11 5:13:07 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
24/03/11 5:13:07 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.3, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
23/03/11 6:20:30 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
17/03/11 11:17:46 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume S3A8422D005.
.
==== End Of File ===========================

The error messages seem to keep being there -
Also there just seems to be too many programs ("preinstalled") ? ? installed for a near new unit that gets little use -
This was also part of the reason I posted this thread -

Thank You -

Edited by noknojon, 24 March 2011 - 05:07 AM.


#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 24 March 2011 - 06:55 PM

Hello, noknojon.
Java runtime was updated, but you have the development kit. You only need that if you're coding in Java. The runtime was already up to date, but it was the development kit that was outdated.

The lines you highlighted in DDS with "no file" are orphaned entries. We'll take care of them later, but they aren't the source of this issue.



Step 1

2011-03-10 09:07:19 -------- d-----w- c:\progra~2\abelhadigital.com
2011-03-10 09:07:04 -------- d-----w- c:\users\john\appdata\roaming\abelhadigital.com


This is legitimate. It is HostsMan which is showed as installed on this computer. You may want to uninstall HostsMan if your issues started when you installed it. We can then reset your HOSTS file. That could cause internet issues if it was corrupted as the HOSTS file is like a custom phonebook for the internet. However, DDS doesn't show any edits to the HOSTS file in your log. Let's go ahead and uninstall it now. We can always add it in later.







Step 2


That error means it can't establish a connection to the update server. So, either it's due to spotty internet connection, or malware has blocked the update server. Let's try to unstick it.

Please follow the instructions in this link. Then try to update. Did it work?



Step 3

We'll do a deeper scan that definitely will look at the HOSTS file for a second check. It will also give us a bit more info as well.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#12 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:38 AM

Posted 24 March 2011 - 10:18 PM

2011-03-10 09:07:19 -------- d-----w- c:\progra~2\abelhadigital.com
2011-03-10 09:07:04 -------- d-----w- c:\users\john\appdata\roaming\abelhadigital.com

I do know these are Hostsman updates - This was done as part of usual maintaining the system -
RP113: 10/03/11 7:24:24 AM - Installed Java™ 6 Update 24
RP114: 12/03/11 12:07:38 AM - Restore Operation
RP115: 12/03/11 9:39:32 AM - Removed Java™ 6 Update 23
This system restore was to reinstate the internet , and it most likely upset my regular Java update


>> Please follow the instructions in this link. Then try to update. Did it work? <<
As far as I can tell - No -
LAN is set as it should be (only top box is checked) -
The net reset items were run as per M/soft instructions -
OTL log to follow -

Edited by noknojon, 25 March 2011 - 04:36 AM.


#13 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:38 AM

Posted 25 March 2011 - 04:51 AM

OTL (by OldTimer) Log and extra log -

OTL logfile created on: 3/25/2011 8:41:02 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\John\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: dd/MM/yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.40 Gb Total Space | 419.22 Gb Free Space | 92.46% Space Free | Partition Type: NTFS

Computer Name: OCEANGROVE | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/25 14:05:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2011/03/17 23:10:09 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/26 05:03:02 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/06 04:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/11/06 04:15:02 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/10/31 16:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/31 07:48:42 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/10/31 07:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/10/30 09:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/10/30 09:08:34 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/10/29 15:02:38 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2009/10/29 14:13:44 | 000,467,304 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2009/10/29 06:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/10/28 15:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/10/27 05:15:40 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/10/07 04:23:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/10/07 04:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/10/03 08:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/03 08:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/01 14:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 14:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/29 09:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/09/29 09:30:32 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2009/09/09 18:56:26 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/09/09 18:56:00 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/29 15:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/29 10:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/29 09:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/14 12:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 12:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/08 04:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
PRC - [2009/03/28 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/11 13:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/14 16:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008/11/10 07:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/03/25 14:05:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
MOD - [2010/08/21 16:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/17 23:10:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/13 04:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/21 11:10:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/12 04:42:43 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/11/06 04:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/10/31 07:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/10/30 09:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/10/28 15:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/10/07 04:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/10/03 08:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/10/01 14:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/10/01 14:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/29 09:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/09/09 18:56:00 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/29 10:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/08 04:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009/03/28 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/11 13:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/10 07:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/17 23:10:11 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/11 05:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 05:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/03 08:33:24 | 000,862,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/09/23 12:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/18 07:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/09/10 16:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/09/09 19:31:10 | 005,174,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/09/04 16:12:40 | 000,180,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/07/31 16:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009/07/31 12:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/25 10:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/22 09:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/15 10:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 10:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 14:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/05/21 13:04:40 | 000,157,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2006/09/25 00:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/04 06:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2490640985-2758950417-1742238345-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
IE - HKU\S-1-5-21-2490640985-2758950417-1742238345-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://netspace.net.au/ [binary data]
IE - HKU\S-1-5-21-2490640985-2758950417-1742238345-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-2490640985-2758950417-1742238345-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========




O1 HOSTS File: ([2009/06/11 08:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2490640985-2758950417-1742238345-1004\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-2490640985-2758950417-1742238345-1004..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2490640985-2758950417-1742238345-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{12fd2f69-dbe0-11df-8a3d-705ab6744970}\Shell - "" = AutoRun
O33 - MountPoints2\{12fd2f69-dbe0-11df-8a3d-705ab6744970}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{64d92f59-abd9-11df-aa1b-705ab6744970}\Shell - "" = AutoRun
O33 - MountPoints2\{64d92f59-abd9-11df-aa1b-705ab6744970}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{64d92f5d-abd9-11df-aa1b-705ab6744970}\Shell - "" = AutoRun
O33 - MountPoints2\{64d92f5d-abd9-11df-aa1b-705ab6744970}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/25 14:05:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/03/24 20:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/24 20:25:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011/03/24 20:25:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011/03/24 20:25:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011/03/24 20:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/03/23 13:54:01 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\John\Desktop\tdsskiller.exe
[2011/03/18 18:09:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\ieSpell
[2011/03/18 17:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2011/03/18 09:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2011/03/10 20:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\abelhadigital.com
[2011/03/10 20:07:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\HostsMan Backups
[2011/03/10 20:07:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\abelhadigital.com
[2011/02/24 11:25:09 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2011/02/24 11:25:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll

========== Files - Modified Within 30 Days ==========

[2011/03/25 20:31:35 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/25 20:31:35 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/25 19:57:08 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/25 19:56:55 | 000,000,435 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2011/03/25 19:56:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/25 19:56:32 | 2407,743,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/25 14:05:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/03/25 13:55:01 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/25 13:39:59 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/24 20:24:56 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011/03/24 20:24:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011/03/24 20:24:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011/03/24 20:24:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2011/03/23 13:54:14 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\John\Desktop\tdsskiller.exe
[2011/03/18 21:14:05 | 000,000,392 | ---- | M] () -- C:\Users\John\Desktop\Spider Solitaire.lnk
[2011/03/18 21:14:01 | 000,000,368 | ---- | M] () -- C:\Users\John\Desktop\Solitaire.lnk
[2011/03/18 21:13:53 | 000,000,360 | ---- | M] () -- C:\Users\John\Desktop\Mahjong.lnk
[2011/03/18 21:13:27 | 000,000,356 | ---- | M] () -- C:\Users\John\Desktop\Hearts.lnk
[2011/03/18 21:13:20 | 000,000,364 | ---- | M] () -- C:\Users\John\Desktop\FreeCell.lnk
[2011/03/18 17:49:44 | 002,091,426 | ---- | M] () -- C:\Users\John\Documents\ieSpellSetup264573.exe
[2011/03/18 09:47:11 | 000,177,377 | ---- | M] () -- C:\Users\John\Documents\spsetup109.zip
[2011/03/18 09:39:52 | 000,011,368 | ---- | M] () -- C:\Users\John\Documents\OCEANGROVE.speccy
[2011/03/18 09:37:30 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011/03/17 23:10:11 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2011/03/12 09:53:00 | 000,000,000 | ---- | M] () -- C:\Users\John\defogger_reenable
[2011/03/08 19:56:44 | 000,678,072 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/03/08 19:56:44 | 000,129,098 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/03/05 22:56:06 | 000,625,664 | ---- | M] () -- C:\Users\John\Desktop\dds.scr

========== Files Created - No Company Name ==========

[2011/03/18 21:14:05 | 000,000,392 | ---- | C] () -- C:\Users\John\Desktop\Spider Solitaire.lnk
[2011/03/18 21:14:01 | 000,000,368 | ---- | C] () -- C:\Users\John\Desktop\Solitaire.lnk
[2011/03/18 21:13:53 | 000,000,360 | ---- | C] () -- C:\Users\John\Desktop\Mahjong.lnk
[2011/03/18 21:13:27 | 000,000,356 | ---- | C] () -- C:\Users\John\Desktop\Hearts.lnk
[2011/03/18 21:13:20 | 000,000,364 | ---- | C] () -- C:\Users\John\Desktop\FreeCell.lnk
[2011/03/18 17:49:30 | 002,091,426 | ---- | C] () -- C:\Users\John\Documents\ieSpellSetup264573.exe
[2011/03/18 09:43:32 | 000,177,377 | ---- | C] () -- C:\Users\John\Documents\spsetup109.zip
[2011/03/18 09:39:52 | 000,011,368 | ---- | C] () -- C:\Users\John\Documents\OCEANGROVE.speccy
[2011/03/18 09:37:29 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011/03/12 09:53:00 | 000,000,000 | ---- | C] () -- C:\Users\John\defogger_reenable
[2011/03/05 22:55:55 | 000,625,664 | ---- | C] () -- C:\Users\John\Desktop\dds.scr
[2011/03/05 14:24:59 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/25 14:06:18 | 000,000,007 | ---- | C] () -- C:\windows\System32\mkghj.dll
[2010/08/28 18:13:57 | 000,000,016 | ---- | C] () -- C:\windows\popcinfo.dat
[2010/08/26 20:49:54 | 000,007,599 | ---- | C] () -- C:\Users\John\AppData\Local\resmon.resmoncfg
[2010/08/19 08:44:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/12 04:28:27 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/02/12 04:11:35 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/02/12 04:07:31 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2010/02/12 04:02:36 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2010/02/12 04:02:36 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2010/02/12 04:02:36 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2010/02/12 03:55:01 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/14 15:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 15:33:53 | 000,439,568 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 13:05:48 | 000,678,072 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 13:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 13:05:48 | 000,129,098 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 13:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 13:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 13:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 10:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 10:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/04/28 23:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
[1996/04/04 06:33:26 | 000,005,248 | ---- | C] () -- C:\windows\System32\giveio.sys

< End of report >
OTL Extras logfile created on: 3/25/2011 8:41:02 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\John\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: dd/MM/yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.40 Gb Total Space | 419.22 Gb Free Space | 92.46% Space Free | Partition Type: NTFS

Computer Name: OCEANGROVE | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2490640985-2758950417-1742238345-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00763F56-1FE5-DA9F-A43E-53F5D46D6E7E}" = CCC Help Dutch
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02F2BA99-3AFA-F0E6-969B-E6443A469967}" = Catalyst Control Center InstallProxy
"{084144E0-8719-9E07-49F9-D728A7533B32}" = CCC Help Russian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB58D13-A9CB-7599-DE28-D17205A3D381}" = Catalyst Control Center Graphics Previews Common
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1901B979-96F2-3330-D875-4803F233CF47}" = CCC Help Finnish
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2404C7F8-65CC-9408-F08E-73996B998A7D}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{290CD70B-6E45-7381-CDC4-45E582F49C60}" = Catalyst Control Center Graphics Previews Vista
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FFDADDF-5107-5CB7-1E9C-66E881680F25}" = CCC Help Turkish
"{320F5494-8DB9-10CD-6122-05299B9A4DAD}" = Catalyst Control Center Graphics Full New
"{327302DA-42B3-CF80-A242-E7E16FB6BB91}" = ATI Catalyst Install Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39987616-5DF2-CDFA-761C-75E66743CE80}" = CCC Help Portuguese
"{39D7BD4A-5BE7-11D4-9D68-0020781864F1}" = CueClub
"{3BCF8458-04BA-EBB7-3EDD-BFD188230DBE}" = CCC Help Czech
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D6FC55-A7CA-1EEA-C038-70998C3D190A}" = CCC Help Spanish
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46D0CFB0-D3F7-6D32-8FBF-2F848F7ECA79}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D76C6A4-A8AC-B6FF-C334-E6CBB7471C44}" = Catalyst Control Center Core Implementation
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53173451-0DDE-97E9-B6FE-1D068DBF2AF8}" = CCC Help Chinese Standard
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67753C59-3BB3-7CBB-7B10-F47CE982082F}" = CCC Help German
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABF4A27-C269-88EB-1CA8-5A1D78A2FF08}" = ccc-core-static
"{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}" = TOSHIBA Bulletin Board
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3}" = HostsMan 3.2.73
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{767F1CF5-6140-BCF3-549E-69B273099EC9}" = CCC Help Polish
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C4F9145-AEDA-55D4-3F5F-BCA89EA300E2}" = CCC Help Swedish
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D3D00A7-F448-D3A3-BC79-CD603AEBC2F5}" = CCC Help Danish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}" = TOSHIBA ReelTime
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9817543D-592D-CDA9-B8E5-E7BB8DA63F45}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA30596-3A38-06B3-5EA2-8AF4B4FE27F2}" = CCC Help Hungarian
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0A61E1A-47BA-DD0F-8B31-2BA14B059258}" = CCC Help Japanese
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A236B4D3-BA07-4864-991E-D58B77A44A08}" = Reel Deal Slots - Nickels and More
"{A2690E7C-D909-4AE6-7C84-F1AC267A9020}" = Catalyst Control Center Graphics Full Existing
"{A35391E7-4D75-FD08-CBE4-0A9DFB944294}" = CCC Help Korean
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5ACFC20-FA4B-3448-431E-D0107C55E435}" = CCC Help English
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D05CD952-F58E-D2AC-D6EA-4178331A356C}" = CCC Help Thai
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D408ADFE-DC5B-CA9A-4131-E4D870B07354}" = CCC Help Norwegian
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E8B28B89-FF29-9092-19BC-B2B6779FFA9F}" = Catalyst Control Center Localization All
"{EB46ED09-96A4-3768-D924-B0A105B91D0A}" = ccc-utility
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F7776077-24D8-A51B-1580-46BB742EE0BC}" = CCC Help Greek
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F92DCCC1-0371-916E-78A3-BF9788D39152}" = CCC Help French
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"ieSpell" = ieSpell
"ImgBurn" = ImgBurn
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}" = TOSHIBA Bulletin Board
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}" = TOSHIBA ReelTime
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Masque Casino Game Pak II" = Masque Casino Game Pak II
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Optus Wireless Broadband" = Optus Wireless Broadband
"OrcaBrowser" = Orca Browser
"PokerTH 0.6.4" = PokerTH
"PROHYBRIDR" = 2007 Microsoft Office system
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2490640985-2758950417-1742238345-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"500 From Special K" = 500 From Special K

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2011 5:58:33 AM | Computer Name = OceanGrove | Source = Application Error | ID = 1000
Description = Faulting application name: NDSTray.exe, version: 8.0.0.36, time stamp:
0x4ae7a8a8 Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time stamp:
0x4a2752ff Exception code: 0xc000000d Fault offset: 0x00014584 Faulting process id:
0x1014 Faulting application start time: 0x01cbbad73de2ab3b Faulting application path:
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe Faulting module path: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Report
Id: 562c1cc5-26d7-11e0-b528-001e101f4e71

Error - 2/1/2011 2:23:09 AM | Computer Name = OceanGrove | Source = Application Error | ID = 1000
Description = Faulting application name: NDSTray.exe, version: 8.0.0.36, time stamp:
0x4ae7a8a8 Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time stamp:
0x4a2752ff Exception code: 0xc000000d Fault offset: 0x00014584 Faulting process id:
0xf80 Faulting application start time: 0x01cbc1d6ddbe13a2 Faulting application path:
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe Faulting module path: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Report
Id: bc9a3ffe-2dcb-11e0-9220-001e101fb45e

Error - 2/1/2011 7:48:39 PM | Computer Name = OceanGrove | Source = Application Error | ID = 1000
Description = Faulting application name: NDSTray.exe, version: 8.0.0.36, time stamp:
0x4ae7a8a8 Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time stamp:
0x4a2752ff Exception code: 0xc000000d Fault offset: 0x00014584 Faulting process id:
0x107c Faulting application start time: 0x01cbc26a804cf787 Faulting application path:
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe Faulting module path: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Report
Id: cac02520-2e5d-11e0-a35e-001e101f82a7

Error - 2/1/2011 8:53:45 PM | Computer Name = OceanGrove | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16700,
time stamp: 0x4cd23213 Faulting module name: mshtml.dll, version: 8.0.7600.16700,
time stamp: 0x4cd24781 Exception code: 0xc0000005 Fault offset: 0x001b6557 Faulting
process id: 0x1478 Faulting application start time: 0x01cbc26a933907d5 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: e2d1075b-2e66-11e0-a35e-001e101f82a7

Error - 2/2/2011 4:26:16 AM | Computer Name = OceanGrove | Source = Application Error | ID = 1000
Description = Faulting application name: NDSTray.exe, version: 8.0.0.36, time stamp:
0x4ae7a8a8 Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time stamp:
0x4a2752ff Exception code: 0xc000000d Fault offset: 0x00014584 Faulting process id:
0x11c0 Faulting application start time: 0x01cbc2b2d589dfba Faulting application path:
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe Faulting module path: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Report
Id: 19c9577c-2ea6-11e0-a392-001e101f1ed9

Error - 2/2/2011 8:34:56 PM | Computer Name = OceanGrove | Source = Application Error | ID = 1000
Description = Faulting application name: NDSTray.exe, version: 8.0.0.36, time stamp:
0x4ae7a8a8 Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time stamp:
0x4a2752ff Exception code: 0xc000000d Fault offset: 0x00014584 Faulting process id:
0x1264 Faulting application start time: 0x01cbc33a2da2ddd1 Faulting application path:
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe Faulting module path: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Report
Id: 6c5a02d0-2f2d-11e0-a291-001e101f36d9

Error - 2/3/2011 1:20:04 AM | Computer Name = OceanGrove | Source = Application Error | ID = 1000
Description = Faulting application name: NDSTray.exe, version: 8.0.0.36, time stamp:
0x4ae7a8a8 Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time stamp:
0x4a2752ff Exception code: 0xc000000d Fault offset: 0x00014584 Faulting process id:
0x107c Faulting application start time: 0x01cbc361f6cb982d Faulting application path:
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe Faulting module path: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Report
Id: 4177e6cd-2f55-11e0-8a93-001e101f79c9

Error - 2/3/2011 1:49:16 AM | Computer Name = OceanGrove | Source = Application Error | ID = 1000
Description = Faulting application name: NDSTray.exe, version: 8.0.0.36, time stamp:
0x4ae7a8a8 Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time stamp:
0x4a2752ff Exception code: 0xc000000d Fault offset: 0x00014584 Faulting process id:
0x46c Faulting application start time: 0x01cbc36612fe7acb Faulting application path:
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe Faulting module path: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Report
Id: 55d8e423-2f59-11e0-9d18-001e101f1838

Error - 2/3/2011 9:42:44 PM | Computer Name = OceanGrove | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16700,
time stamp: 0x4cd23213 Faulting module name: mshtml.dll, version: 8.0.7600.16700,
time stamp: 0x4cd24781 Exception code: 0xc0000005 Fault offset: 0x001b6557 Faulting
process id: 0x159c Faulting application start time: 0x01cbc405a661c412 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 0f028e81-3000-11e0-b03e-705ab6744970

Error - 2/5/2011 2:36:55 AM | Computer Name = OceanGrove | Source = Application Error | ID = 1000
Description = Faulting application name: NDSTray.exe, version: 8.0.0.36, time stamp:
0x4ae7a8a8 Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time stamp:
0x4a2752ff Exception code: 0xc000000d Fault offset: 0x00014584 Faulting process id:
0xb80 Faulting application start time: 0x01cbc4fc4d0a5a79 Faulting application path:
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe Faulting module path: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Report
Id: 529a2cbd-30f2-11e0-84df-001e101f36d9

[ Media Center Events ]
Error - 10/12/2010 9:56:30 PM | Computer Name = OceanGrove | Source = MCUpdate | ID = 0
Description = 12:56:30 PM - Error connecting to the internet. 12:56:30 PM - Unable
to contact server..

Error - 10/12/2010 9:56:38 PM | Computer Name = OceanGrove | Source = MCUpdate | ID = 0
Description = 12:56:35 PM - Error connecting to the internet. 12:56:35 PM - Unable
to contact server..

Error - 10/16/2010 1:46:27 AM | Computer Name = OceanGrove | Source = MCUpdate | ID = 0
Description = 4:46:27 PM - Error connecting to the internet. 4:46:27 PM - Unable
to contact server..

Error - 10/16/2010 1:46:37 AM | Computer Name = OceanGrove | Source = MCUpdate | ID = 0
Description = 4:46:32 PM - Error connecting to the internet. 4:46:32 PM - Unable
to contact server..

Error - 10/16/2010 2:46:42 AM | Computer Name = OceanGrove | Source = MCUpdate | ID = 0
Description = 5:46:42 PM - Error connecting to the internet. 5:46:42 PM - Unable
to contact server..

Error - 10/16/2010 2:46:48 AM | Computer Name = OceanGrove | Source = MCUpdate | ID = 0
Description = 5:46:47 PM - Error connecting to the internet. 5:46:47 PM - Unable
to contact server..

Error - 10/16/2010 3:46:53 AM | Computer Name = OceanGrove | Source = MCUpdate | ID = 0
Description = 6:46:53 PM - Error connecting to the internet. 6:46:53 PM - Unable
to contact server..

Error - 10/16/2010 3:46:58 AM | Computer Name = OceanGrove | Source = MCUpdate | ID = 0
Description = 6:46:58 PM - Error connecting to the internet. 6:46:58 PM - Unable
to contact server..

Error - 10/16/2010 6:37:29 AM | Computer Name = OceanGrove | Source = MCUpdate | ID = 0
Description = 9:37:29 PM - Error connecting to the internet. 9:37:29 PM - Unable
to contact server..

Error - 10/16/2010 6:37:37 AM | Computer Name = OceanGrove | Source = MCUpdate | ID = 0
Description = 9:37:34 PM - Error connecting to the internet. 9:37:34 PM - Unable
to contact server..

[ System Events ]
Error - 12/19/2010 5:20:02 PM | Computer Name = OceanGrove | Source = ipnathlp | ID = 34001
Description =

Error - 12/19/2010 5:20:02 PM | Computer Name = OceanGrove | Source = ipnathlp | ID = 30013
Description =

Error - 12/20/2010 3:06:14 AM | Computer Name = OceanGrove | Source = ipnathlp | ID = 34001
Description =

Error - 12/20/2010 3:06:14 AM | Computer Name = OceanGrove | Source = ipnathlp | ID = 30013
Description =

Error - 12/20/2010 4:18:52 AM | Computer Name = OceanGrove | Source = Service Control Manager | ID = 7034
Description = The AMD External Events Utility service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/20/2010 4:20:04 AM | Computer Name = OceanGrove | Source = ipnathlp | ID = 34001
Description =

Error - 12/20/2010 4:20:04 AM | Computer Name = OceanGrove | Source = ipnathlp | ID = 30013
Description =

Error - 12/20/2010 7:11:00 AM | Computer Name = OceanGrove | Source = Service Control Manager | ID = 7034
Description = The AMD External Events Utility service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/20/2010 7:12:19 AM | Computer Name = OceanGrove | Source = ipnathlp | ID = 34001
Description =

Error - 12/20/2010 7:12:19 AM | Computer Name = OceanGrove | Source = ipnathlp | ID = 30013
Description =


< End of report >




#14 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:38 AM

Posted 25 March 2011 - 08:25 AM

I have just thrown an Avira scan result in also for you - The time taken seems a bit too long with all the free space and lack of used space -
Unless Avira is noted for slow scans ? ?
Highlighted below -

Avira AntiVir Personal
Report file date: Friday, 25 March 2011 23:42

Scanning for 2521420 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : OCEANGROVE

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 7/03/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10/01/2011 03:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/04/2010 01:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 10/01/2011 03:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 12:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 22:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 03:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9/02/2011 08:44:50
VBASE003.VDF : 7.11.3.1 2048 Bytes 9/02/2011 08:44:50
VBASE004.VDF : 7.11.3.2 2048 Bytes 9/02/2011 08:44:51
VBASE005.VDF : 7.11.3.3 2048 Bytes 9/02/2011 08:44:51
VBASE006.VDF : 7.11.3.4 2048 Bytes 9/02/2011 08:44:52
VBASE007.VDF : 7.11.3.5 2048 Bytes 9/02/2011 08:44:52
VBASE008.VDF : 7.11.3.6 2048 Bytes 9/02/2011 08:44:53
VBASE009.VDF : 7.11.3.7 2048 Bytes 9/02/2011 08:44:54
VBASE010.VDF : 7.11.3.8 2048 Bytes 9/02/2011 08:44:54
VBASE011.VDF : 7.11.3.9 2048 Bytes 9/02/2011 08:44:55
VBASE012.VDF : 7.11.3.10 2048 Bytes 9/02/2011 08:44:55
VBASE013.VDF : 7.11.3.59 157184 Bytes 14/02/2011 04:01:35
VBASE014.VDF : 7.11.3.97 120320 Bytes 16/02/2011 04:01:39
VBASE015.VDF : 7.11.3.148 128000 Bytes 19/02/2011 08:24:19
VBASE016.VDF : 7.11.3.183 140288 Bytes 22/02/2011 04:30:01
VBASE017.VDF : 7.11.3.216 124416 Bytes 24/02/2011 22:42:15
VBASE018.VDF : 7.11.3.251 159232 Bytes 28/02/2011 09:44:20
VBASE019.VDF : 7.11.4.33 148992 Bytes 2/03/2011 03:22:12
VBASE020.VDF : 7.11.4.73 150016 Bytes 6/03/2011 09:01:59
VBASE021.VDF : 7.11.4.108 122880 Bytes 8/03/2011 07:47:24
VBASE022.VDF : 7.11.4.150 133120 Bytes 10/03/2011 13:21:51
VBASE023.VDF : 7.11.4.183 122368 Bytes 14/03/2011 12:09:45
VBASE024.VDF : 7.11.4.228 123392 Bytes 16/03/2011 12:09:47
VBASE025.VDF : 7.11.5.8 246272 Bytes 21/03/2011 02:52:53
VBASE026.VDF : 7.11.5.9 2048 Bytes 21/03/2011 02:52:53
VBASE027.VDF : 7.11.5.10 2048 Bytes 21/03/2011 02:52:54
VBASE028.VDF : 7.11.5.11 2048 Bytes 21/03/2011 02:52:55
VBASE029.VDF : 7.11.5.12 2048 Bytes 21/03/2011 02:52:56
VBASE030.VDF : 7.11.5.13 2048 Bytes 21/03/2011 02:52:56
VBASE031.VDF : 7.11.5.30 96256 Bytes 22/03/2011 02:52:59
Engineversion : 8.2.4.188
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/01/2011 03:23:26
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 18/03/2011 00:58:13
AESCN.DLL : 8.1.7.2 127349 Bytes 10/01/2011 03:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 10/01/2011 03:23:26
AERDL.DLL : 8.1.9.8 639346 Bytes 17/03/2011 12:10:07
AEPACK.DLL : 8.2.4.12 520567 Bytes 17/03/2011 12:10:05
AEOFFICE.DLL : 8.1.1.17 205177 Bytes 9/03/2011 07:47:56
AEHEUR.DLL : 8.1.2.87 3371383 Bytes 18/03/2011 00:58:10
AEHELP.DLL : 8.1.16.1 246134 Bytes 5/02/2011 10:10:24
AEGEN.DLL : 8.1.5.3 397684 Bytes 18/03/2011 00:58:01
AEEMU.DLL : 8.1.3.0 393589 Bytes 10/01/2011 03:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 5/02/2011 10:10:16
AEBB.DLL : 8.1.1.0 53618 Bytes 10/01/2011 03:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10/01/2011 03:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 10/01/2011 03:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 03:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 10/01/2011 03:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10/01/2011 03:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 10/01/2011 03:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10/01/2011 03:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 03:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10/01/2011 03:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 03:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 02:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 10/01/2011 03:23:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Friday, 25 March 2011 23:42

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'avscan.exe' - '28' Module(s) have been scanned
Scan process 'avcenter.exe' - '74' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '32' Module(s) have been scanned
Scan process 'TPCHWMsg.exe' - '24' Module(s) have been scanned
Scan process 'TosSENotify.exe' - '44' Module(s) have been scanned
Scan process 'TPCHSrv.exe' - '44' Module(s) have been scanned
Scan process 'TosSmartSrv.exe' - '40' Module(s) have been scanned
Scan process 'UNS.exe' - '54' Module(s) have been scanned
Scan process 'RSelSvc.exe' - '14' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '51' Module(s) have been scanned
Scan process 'CFIWmxSvcs.exe' - '18' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '173' Module(s) have been scanned
Scan process 'TMachInfo.exe' - '49' Module(s) have been scanned
Scan process 'CFSwMgr.exe' - '57' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned
Scan process 'NDSTray.exe' - '78' Module(s) have been scanned
Scan process 'DllHost.exe' - '40' Module(s) have been scanned
Scan process 'taskeng.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '111' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '63' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '83' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '68' Module(s) have been scanned
Scan process 'jusched.exe' - '26' Module(s) have been scanned
Scan process 'avgnt.exe' - '55' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned
Scan process 'TosReelTimeMonitor.exe' - '75' Module(s) have been scanned
Scan process 'TosNcCore.exe' - '29' Module(s) have been scanned
Scan process 'Teco.exe' - '32' Module(s) have been scanned
Scan process 'ToshibaServiceStation.exe' - '89' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '45' Module(s) have been scanned
Scan process 'TCrdMain.exe' - '75' Module(s) have been scanned
Scan process 'SmoothView.exe' - '16' Module(s) have been scanned
Scan process 'TPwrMain.exe' - '37' Module(s) have been scanned
Scan process 'KeNotify.exe' - '22' Module(s) have been scanned
Scan process 'CCC.exe' - '156' Module(s) have been scanned
Scan process 'MOM.exe' - '64' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '46' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '45' Module(s) have been scanned
Scan process 'Explorer.EXE' - '163' Module(s) have been scanned
Scan process 'Dwm.exe' - '31' Module(s) have been scanned
Scan process 'taskhost.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '73' Module(s) have been scanned
Scan process 'alg.exe' - '34' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '43' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '63' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '77' Module(s) have been scanned
Scan process 'TecoService.exe' - '24' Module(s) have been scanned
Scan process 'TosCoSrv.exe' - '26' Module(s) have been scanned
Scan process 'TODDSrv.exe' - '23' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '33' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '22' Module(s) have been scanned
Scan process 'sqlservr.exe' - '58' Module(s) have been scanned
Scan process 'LMS.exe' - '28' Module(s) have been scanned
Scan process 'avguard.exe' - '66' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '15' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'spoolsv.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '73' Module(s) have been scanned
Scan process 'svchost.exe' - '92' Module(s) have been scanned
Scan process 'atieclxx.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '82' Module(s) have been scanned
Scan process 'svchost.exe' - '161' Module(s) have been scanned
Scan process 'svchost.exe' - '111' Module(s) have been scanned
Scan process 'svchost.exe' - '96' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '72' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '399' files ).


Starting the file scan:

Begin scan in 'C:\' <S3A8422D005>


End of the scan: Saturday, 26 March 2011 00:15

Used time: 33:16 Minute(s) -

The scan has been done completely.

16607 Scanned directories
240784 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
240784 Files not concerned
1535 Archives were scanned
0 Warnings
0 Notes
531147 Objects were scanned with rootkit scan
0 Hidden objects were found





#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 25 March 2011 - 05:24 PM

Hello, noknojon.

Sorry about the mispost.

Let's run Combofix...this error can be related to malware if the above steps didn't work.



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares

Edited by etavares, 25 March 2011 - 05:38 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users