Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Antivirus scan issue

 
JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

Posted: Sat Mar 31, 2012 6:54 pm    Post subject: Antivirus scan issue

Hi,

I have been having an issue the past few weeks whenever I run my Norton Antivirus software. Each week it seems that I have more and more files that need to be scanned despite the fact that I am not downloading or saving anything to my computer. It is taking anywhere from 4-6 hours for the scans to complete. I delete my temp files each day prior to logging off my computer, but I notice that when the antivirus scan gets to the following folder, it is the one that is taking the most time to scan. The folder is -

C:\Users\mrc1966\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5

I tried to locate the folder to see if there was anything I could delete from it but I couldn't find it. But since the number of files keeps going up I thought I might have another issue so that is why I am posting this. I appreciate any help you can provide.

Here are the DDS logs that you request -

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by mrc1966 at 22:45:20 on 2012-03-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1437 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\system32\lxczcoms.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\mrc1966\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\ytbb.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://headlines.verizon.com/headlines/portals/headlines.portal
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: {01a9f101-65b6-43c4-aad2-a43dbfa918b0} - C:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [SansaDispatch] C:\Users\mrc1966\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [conhost] C:\Users\mrc1966\AppData\Roaming\Microsoft\conhost.exe
uRun: [1523339324] C:\Users\mrc1966\AppData\Local\Temp\tmph8447336620813263641.tmp
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{15601A1F-E3D7-48B7-B872-6CD9CC4A8572} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{15601A1F-E3D7-48B7-B872-6CD9CC4A8572}\2716D616461673 : DhcpNameServer = 172.20.100.1
TCP: Interfaces\{AB16B5DE-A512-4CBB-8C63-28385540EC29} : DhcpNameServer = 10.0.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
C:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NAVx64\1207000.00D\SYMDS64.SYS --> C:\windows\system32\drivers\NAVx64\1207000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NAVx64\1207000.00D\SYMEFA64.SYS --> C:\windows\system32\drivers\NAVx64\1207000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120330.002\IDSviA64.sys [2012-3-31 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NAVx64\1207000.00D\Ironx64.SYS --> C:\windows\system32\drivers\NAVx64\1207000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NAVx64\1207000.00D\SYMNETS.SYS --> C:\windows\system32\Drivers\NAVx64\1207000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccsvchst.exe [2012-1-31 130008]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-16 2320920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-1-16 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\windows\system32\drivers\BVRPMPR5a64.SYS --> C:\windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-31 08:52:17 -------- d--h--w- C:\windows\AxInstSV
2012-03-29 11:46:10 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-03-14 07:11:12 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-14 07:11:10 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:11:10 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-14 01:20:07 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-14 01:20:05 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-14 01:20:05 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-13 17:35:26 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-13 17:35:26 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-13 17:35:26 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-13 17:35:25 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-13 17:35:24 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-13 17:35:24 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-13 17:35:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-03-31 09:03:00 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 10:01:11 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
.
============= FINISH: 22:45:40.92 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/11/2011 10:25:00 PM
System Uptime: 3/31/2012 1:47:25 PM (9 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz | CPU | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 389.86 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP133: 3/8/2012 5:00:03 AM - Installed Java(TM) 6 Update 31
RP134: 3/14/2012 3:00:34 AM - Windows Update
RP135: 3/29/2012 9:57:16 AM - Installed TurboTax 2011 wrapper
RP136: 3/29/2012 12:19:01 PM - Installed TurboTax 2011 wpaiper
RP137: 3/29/2012 5:49:33 PM - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
AIM 7
Apple Application Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
EA SPORTS online 2008
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Label@Once 1.0
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
Norton AntiVirus
PlayReady PC Runtime x86
QuickTime
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Rhapsody
Sansa Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype™ 5.5
Spybot - Search & Destroy
swMSM
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wpaiper
TurboTax 2011 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/31/2012 1:49:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service.
3/31/2012 1:47:57 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
3/30/2012 12:12:17 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer SEAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AB16B5DE-A512-4CBB-8C63-28385540EC29}. The master browser is stopping or an election is being forced.
3/29/2012 12:25:55 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user mrc1966-PC\mrc1966 SID (S-1-5-21-2452566077-2999053393-3465942402-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/25/2012 9:22:25 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
.
==== End Of File ===========================
JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

Posted: Sat Mar 31, 2012 11:35 pm    Post subject: Antivirus scan issue

Hi,

I need to add that I am also having issues with my Internet Explorer browser. It is either loading very slowly or freezing up and saying that there is an error and that the browser needs to be closed. The only thing I did recently was to download an updated version of Adobe Flash Player. I tried to install Internet Explorer 9 last night but it came up and said that the download had been stopped because I already have a newer version of that browser installed.

Can you take a look at this issue as well? Thanks.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

Posted: Sun Apr 01, 2012 7:53 am

Looking over your log, back soon.
_________________
Gary R Administrator at Malware Removal University



Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

Posted: Sun Apr 01, 2012 8:00 am

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi JediPirate

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.


  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...

    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.



Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • As you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator


Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are signs of infection on your computer, but before we start to remove them I need to run some more scans to see what else might be hiding on your computer.

First


  • Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it.
  • Click the SCAN button to start the scan.
  • On completion of the scan click SAVE LOG and save it to your desktop.
  • Post the log contents in your next reply please.


DO NOT ATTEMPT TO REMOVE ANYTHING THAT MAY BE FOUND BY ASWMBR

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


Summary of the logs I need from you in your next post:

  • aswMBR log
  • OTL.txt
  • Extras.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



JediPirate

Posted: Sun Apr 01, 2012 9:49 am    Post subject: Antivirus Scan issue

Hi Gary,

I completed the scans you requested and here is the aswMBR.txt report -

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 13:20:34
-----------------------------
13:20:34.634 OS Version: Windows x64 6.1.7601 Service Pack 1
13:20:34.634 Number of processors: 2 586 0x2505
13:20:34.634 ComputerName: MRC1966-PC UserName: mrc1966
13:20:36.833 Initialize success
13:20:58.786 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:20:58.786 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
13:20:58.802 Disk 0 MBR read successfully
13:20:58.802 Disk 0 MBR scan
13:20:58.817 Disk 0 Windows VISTA default MBR code
13:20:58.833 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:20:58.833 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463437 MB offset 3074048
13:20:58.880 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12002 MB offset 952193024
13:20:58.911 Disk 0 scanning C:\windows\system32\drivers
13:21:05.666 Service scanning
13:21:26.523 Modules scanning
13:21:26.523 Disk 0 trace - called modules:
13:21:26.539
13:21:26.539 Scan finished successfully
13:21:56.615 Disk 0 MBR has been saved successfully to "C:\Users\mrc1966\Desktop\MBR.dat"
13:21:56.615 The log file has been saved successfully to "C:\Users\mrc1966\Desktop\aswMBR.txt"
JediPirate

Posted: Sun Apr 01, 2012 9:52 am

Here is the OTL logfile -

OTL logfile created on: 4/1/2012 1:41:01 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\mrc1966\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 60.45% Memory free
7.60 Gb Paging File | 6.02 Gb Available in Paging File | 79.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.58 Gb Total Space | 389.44 Gb Free Space | 86.05% Space Free | Partition Type: NTFS

Computer Name: MRC1966-PC | User Name: mrc1966 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/01 13:22:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\mrc1966\Desktop\OTL.exe
PRC - [2012/02/29 16:29:41 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2012/01/12 00:44:56 | 000,210,744 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\ytbb.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/05/02 22:19:36 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\mrc1966\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/04/22 08:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccsvchst.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/18 16:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 16:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/02/24 05:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/04/27 15:20:02 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2009/04/27 15:19:38 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/29 16:24:17 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/28 16:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 23:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 21:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/04/19 15:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2012/03/31 05:03:00 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe -- (NAV)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 16:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/18 16:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/05/10 03:16:17 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/29 09:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/31 03:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 17:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 22:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 11:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/22 22:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/12 19:49:16 | 000,877,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/02/09 01:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 17:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/27 18:12:36 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV - [2012/03/06 17:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120330.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/03/02 14:58:01 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/02/04 05:22:36 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/04 05:22:36 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/03 23:31:15 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120331.009\EX64.SYS -- (NAVEX15)
DRV - [2011/08/03 23:31:15 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120331.009\ENG64.SYS -- (NAVENG)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B8DFDB0F-0342-4222-AA62-8292808C018B}
IE:64bit: - HKLM\..\SearchScopes\{B8DFDB0F-0342-4222-AA62-8292808C018B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {922C7724-7F10-4262-8BA6-F7BE8B1CFB0F}
IE - HKLM\..\SearchScopes\{922C7724-7F10-4262-8BA6-F7BE8B1CFB0F}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 01 F1 A9 01 B6 65 C4 43 AA D2 A4 3D BF A9 18 B0 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 01 F1 A9 01 B6 65 C4 43 AA D2 A4 3D BF A9 18 B0 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://headlines.verizon.com/headlines/portals/headlines.portal
IE - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 01 F1 A9 01 B6 65 C4 43 AA D2 A4 3D BF A9 18 B0 [binary data]
IE - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\..\SearchScopes,DefaultScope = {24C9EF3D-1417-40C9-A6C4-3F03CC7AB756}
IE - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\..\SearchScopes\{24C9EF3D-1417-40C9-A6C4-3F03CC7AB756}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
IE - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\..\SearchScopes\{922C7724-7F10-4262-8BA6-F7BE8B1CFB0F}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn\ [2012/02/01 03:46:53 | 000,000,000 | ---D | M]

[2011/05/02 22:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrc1966\AppData\Roaming\Mozilla\Extensions
[2011/05/02 22:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrc1966\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/06/27 16:05:56 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Reg Error: Value error.) - {01A9F101-65B6-43C4-AAD2-A43DBFA918B0} - C:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000..\Run: [1523339324] C:\Users\mrc1966\AppData\Local\Temp\tmph8447336620813263641.tmp File not found
O4 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000..\Run: [conhost] C:\Users\mrc1966\AppData\Roaming\Microsoft\conhost.exe File not found
O4 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000..\Run: [SansaDispatch] C:\Users\mrc1966\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15601A1F-E3D7-48B7-B872-6CD9CC4A8572}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB16B5DE-A512-4CBB-8C63-28385540EC29}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000 Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{931de54c-215d-11e0-8226-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{931de54c-215d-11e0-8226-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/01 13:22:48 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\mrc1966\Desktop\OTL.exe
[2012/03/31 04:52:17 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV
[2012/03/29 17:51:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/29 09:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011
[2012/03/29 07:46:10 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/03/14 03:11:12 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/03/14 03:11:10 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/03/14 03:11:10 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/03/13 21:20:05 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/03/13 13:35:26 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/03/13 13:35:26 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/03/13 13:35:26 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/03/13 13:35:25 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/03/13 13:35:24 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/03/08 06:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/08 06:01:22 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/03/08 06:01:22 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/03/08 06:01:22 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/03/07 12:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/01 13:44:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/01 13:39:28 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/01 13:39:28 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/01 13:35:59 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/01 13:31:36 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/01 13:31:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/01 13:31:21 | 641,613,051 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/04/01 13:31:17 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/01 13:22:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\mrc1966\Desktop\OTL.exe
[2012/04/01 13:21:56 | 000,000,512 | ---- | M] () -- C:\Users\mrc1966\Desktop\MBR.dat
[2012/04/01 13:06:48 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/01 13:06:48 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/01 13:06:48 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/31 05:03:00 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/03/31 05:03:00 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/29 12:18:52 | 000,000,469 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/29 09:58:23 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk
[2012/03/26 15:22:40 | 000,870,128 | ---- | M] () -- C:\Users\mrc1966\AppData\Roaming\mcs.rma
[2012/03/26 15:22:40 | 000,000,004 | ---- | M] () -- C:\Users\mrc1966\AppData\Roaming\43FD4A
[2012/03/25 16:22:24 | 001,108,748 | ---- | M] () -- C:\Users\mrc1966\Documents\Theresa3.pdf
[2012/03/25 16:21:12 | 001,108,748 | ---- | M] () -- C:\Users\mrc1966\Documents\Theresa2.pdf
[2012/03/25 16:19:42 | 001,108,748 | ---- | M] () -- C:\Users\mrc1966\Documents\Theresa1.pdf
[2012/03/22 20:53:53 | 000,066,577 | ---- | M] () -- C:\Users\mrc1966\Documents\Resume2.pdf
[2012/03/22 20:52:50 | 000,127,564 | ---- | M] () -- C:\Users\mrc1966\Documents\Cover Letter.pdf
[2012/03/14 03:24:21 | 000,321,584 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/08 06:01:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012/03/08 06:01:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/03/08 06:01:11 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/03/08 06:01:11 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/03/07 12:53:35 | 000,000,746 | -H-- | M] () -- C:\IPH.PH
[2012/03/07 12:53:26 | 000,001,950 | ---- | M] () -- C:\Users\mrc1966\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/03/07 12:53:26 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/01 13:21:56 | 000,000,512 | ---- | C] () -- C:\Users\mrc1966\Desktop\MBR.dat
[2012/03/31 05:03:01 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/03/29 09:58:40 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/29 09:58:23 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk
[2012/03/25 16:22:10 | 001,108,748 | ---- | C] () -- C:\Users\mrc1966\Documents\Theresa3.pdf
[2012/03/25 16:20:58 | 001,108,748 | ---- | C] () -- C:\Users\mrc1966\Documents\Theresa2.pdf
[2012/03/25 16:19:27 | 001,108,748 | ---- | C] () -- C:\Users\mrc1966\Documents\Theresa1.pdf
[2012/03/22 20:53:52 | 000,066,577 | ---- | C] () -- C:\Users\mrc1966\Documents\Resume2.pdf
[2012/03/22 20:52:49 | 000,127,564 | ---- | C] () -- C:\Users\mrc1966\Documents\Cover Letter.pdf
[2011/07/05 03:36:31 | 000,010,884 | ---- | C] () -- C:\Users\mrc1966\AppData\Roaming\E044.93C
[2011/05/02 21:55:41 | 000,870,128 | ---- | C] () -- C:\Users\mrc1966\AppData\Roaming\mcs.rma
[2011/05/02 21:55:41 | 000,000,004 | ---- | C] () -- C:\Users\mrc1966\AppData\Roaming\43FD4A
[2011/04/28 14:24:14 | 000,000,281 | ---- | C] () -- C:\windows\Lexstat.ini
[2011/04/28 14:23:41 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxczinpa.dll
[2011/04/28 14:23:41 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\lxcziesc.dll
[2011/04/28 14:23:41 | 000,274,432 | ---- | C] () -- C:\windows\SysWow64\LXCZinst.dll
[2011/04/28 14:23:40 | 001,224,704 | ---- | C] ( ) -- C:\windows\SysWow64\lxczserv.dll
[2011/04/28 14:23:40 | 000,991,232 | ---- | C] ( ) -- C:\windows\SysWow64\lxczusb1.dll
[2011/04/28 14:23:40 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\lxczhbn3.dll
[2011/04/28 14:23:40 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxczcomc.dll
[2011/04/28 14:23:40 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxczpmui.dll
[2011/04/28 14:23:40 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\lxczlmpm.dll
[2011/04/28 14:23:40 | 000,537,520 | ---- | C] ( ) -- C:\windows\SysWow64\lxczcoms.exe
[2011/04/28 14:23:40 | 000,421,888 | ---- | C] ( ) -- C:\windows\SysWow64\lxczcomm.dll
[2011/04/28 14:23:40 | 000,413,696 | ---- | C] () -- C:\windows\SysWow64\lxczutil.dll
[2011/04/28 14:23:40 | 000,385,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxczih.exe
[2011/04/28 14:23:40 | 000,381,872 | ---- | C] ( ) -- C:\windows\SysWow64\lxczcfg.exe
[2011/04/28 14:23:40 | 000,181,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxczppls.exe
[2011/04/28 14:23:40 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\lxczprox.dll
[2011/04/28 14:23:40 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\lxczpplc.dll
[2010/07/29 09:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 09:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 09:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 08:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 08:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll

========== LOP Check ==========

[2011/04/27 02:32:16 | 000,000,000 | ---D | M] -- C:\Users\mrc1966\AppData\Roaming\acccore
[2011/05/02 22:19:16 | 000,000,000 | ---D | M] -- C:\Users\mrc1966\AppData\Roaming\SanDisk
[2011/05/02 22:44:18 | 000,000,000 | ---D | M] -- C:\Users\mrc1966\AppData\Roaming\TomTom
[2011/03/12 22:43:04 | 000,000,000 | ---D | M] -- C:\Users\mrc1966\AppData\Roaming\Toshiba
[2011/03/11 23:25:49 | 000,000,000 | ---D | M] -- C:\Users\mrc1966\AppData\Roaming\WinBatch
[2012/03/25 01:54:38 | 000,032,622 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
JediPirate

Posted: Sun Apr 01, 2012 9:54 am

Here is the OTL Extras report -

OTL Extras logfile created on: 4/1/2012 1:41:01 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\mrc1966\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 60.45% Memory free
7.60 Gb Paging File | 6.02 Gb Available in Paging File | 79.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.58 Gb Total Space | 389.44 Gb Free Space | 86.05% Space Free | Partition Type: NTFS

Computer Name: MRC1966-PC | User Name: mrc1966 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{39187A4B-7538-4BE7-8BAD-9E83303793AA}" = Toshiba Book Place
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C528316-05A0-4594-A949-94B792EC396C}" = TurboTax 2011 wpaiper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIM_7" = AIM 7
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"NAV" = Norton AntiVirus
"Rhapsody" = Rhapsody
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2452566077-2999053393-3465942402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2011 4:11:36 PM | Computer Name = mrc1966-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 10/9/2011 4:11:36 PM | Computer Name = mrc1966-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 10/9/2011 7:41:47 PM | Computer Name = mrc1966-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/9/2011 9:28:41 PM | Computer Name = mrc1966-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/10/2011 2:47:49 AM | Computer Name = mrc1966-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/10/2011 9:32:37 AM | Computer Name = mrc1966-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/10/2011 11:18:13 AM | Computer Name = mrc1966-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/10/2011 3:59:23 PM | Computer Name = mrc1966-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/11/2011 2:37:57 AM | Computer Name = mrc1966-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/11/2011 9:33:41 AM | Computer Name = mrc1966-PC | Source = Toshiba App Place | ID = 0
Description =

[ System Events ]
Error - 4/1/2012 2:51:02 AM | Computer Name = mrc1966-PC | Source = bowser | ID = 8003
Description =

Error - 4/1/2012 3:27:07 AM | Computer Name = mrc1966-PC | Source = bowser | ID = 8003
Description =

Error - 4/1/2012 8:40:05 AM | Computer Name = mrc1966-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 4/1/2012 8:46:19 AM | Computer Name = mrc1966-PC | Source = DCOM | ID = 10010
Description =

Error - 4/1/2012 9:04:30 AM | Computer Name = mrc1966-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 4/1/2012 9:08:27 AM | Computer Name = mrc1966-PC | Source = DCOM | ID = 10010
Description =

Error - 4/1/2012 12:50:22 PM | Computer Name = mrc1966-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 4/1/2012 1:31:28 PM | Computer Name = mrc1966-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:29:08 PM on 4/1/2012 was unexpected.

Error - 4/1/2012 1:31:37 PM | Computer Name = mrc1966-PC | Source = BugCheck | ID = 1001
Description =

Error - 4/1/2012 1:31:38 PM | Computer Name = mrc1966-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >
JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

PostPosted: Sun Apr 01, 2012 10:03 am    Post subject: Reply with quote

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 13:20:34
-----------------------------
13:20:34.634 OS Version: Windows x64 6.1.7601 Service Pack 1
13:20:34.634 Number of processors: 2 586 0x2505
13:20:34.634 ComputerName: MRC1966-PC UserName: mrc1966
13:20:36.833 Initialize success
13:20:58.786 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:20:58.786 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
13:20:58.802 Disk 0 MBR read successfully
13:20:58.802 Disk 0 MBR scan
13:20:58.817 Disk 0 Windows VISTA default MBR code
13:20:58.833 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:20:58.833 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463437 MB offset 3074048
13:20:58.880 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12002 MB offset 952193024
13:20:58.911 Disk 0 scanning C:\windows\system32\drivers
13:21:05.666 Service scanning
13:21:26.523 Modules scanning
13:21:26.523 Disk 0 trace - called modules:
13:21:26.539
13:21:26.539 Scan finished successfully
13:21:56.615 Disk 0 MBR has been saved successfully to "C:\Users\mrc1966\Desktop\MBR.dat"
13:21:56.615 The log file has been saved successfully to "C:\Users\mrc1966\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 13:55:28
-----------------------------
13:55:28.329 OS Version: Windows x64 6.1.7601 Service Pack 1
13:55:28.329 Number of processors: 2 586 0x2505
13:55:28.329 ComputerName: MRC1966-PC UserName: mrc1966
13:55:30.092 Initialize success
13:56:06.654 AVAST engine defs: 12040100
13:56:20.647 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:56:20.647 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
13:56:20.694 Disk 0 MBR read successfully
13:56:20.694 Disk 0 MBR scan
13:56:20.710 Disk 0 Windows VISTA default MBR code
13:56:20.741 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:56:20.772 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463437 MB offset 3074048
13:56:20.819 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12002 MB offset 952193024
13:56:20.881 Disk 0 scanning C:\windows\system32\drivers
13:56:51.225 Service scanning
13:57:23.486 Modules scanning
13:57:23.502 Disk 0 trace - called modules:
13:57:23.533 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:57:24.048 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b63060]
13:57:24.048 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049d1050]
13:57:25.935 AVAST engine scan C:\windows
13:57:28.322 AVAST engine scan C:\windows\system32
14:01:15.089 AVAST engine scan C:\windows\system32\drivers
14:01:35.979 AVAST engine scan C:\Users\mrc1966
14:02:34.338 Disk 0 MBR has been saved successfully to "C:\Users\mrc1966\Desktop\MBR.dat"
14:02:34.338 The log file has been saved successfully to "C:\Users\mrc1966\Desktop\aswMBR.txt"
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Sun Apr 01, 2012 10:14 am    Post subject: Reply with quote

I'm going to be out for the rest of the evening, so it will be tomorrow morning my time (GMT) before I get chance to look through your logs fully.

I'll get back to you with the next set of instructions then.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Sun Apr 01, 2012 9:36 pm    Post subject: Reply with quote

OK, nothing of much concern in the logs you've posted, just what looks like a few remnants from an old infection. We'll take care of them, and empty out your temp files, and then run a general purpose scan to see if that picks up something I might have missed.

First


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:OTL
O2 - BHO: (Reg Error: Value error.) - {01A9F101-65B6-43C4-AAD2-A43DBFA918B0} - C:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000..\Run: [1523339324] C:\Users\mrc1966\AppData\Local\Temp\tmph8447336620813263641.tmp File not found
O4 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000..\Run: [conhost] C:\Users\mrc1966\AppData\Roaming\Microsoft\conhost.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O33 - MountPoints2\{931de54c-215d-11e0-8226-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{931de54c-215d-11e0-8226-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

:Commands
[emptytemp]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go HERE then click on:

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: (Selecting Uninstall application on close if you so wish)


Summary of the logs I need from you in your next post:

  • OTL fix log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
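The O4 autorun lines in the fix script above can be triaged mechanically before deciding what to remove. The following Python sketch is an added example, not part of the original post and not OTL's own code; the line format is inferred from the entries shown in the post, and the `ExampleApp` line and the two triage heuristics are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# O4/O3 lines copied from the fix script in the post above.
PAGE_LINES = [
    r"O4 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000..\Run: [1523339324] C:\Users\mrc1966\AppData\Local\Temp\tmph8447336620813263641.tmp File not found",
    r"O4 - HKU\S-1-5-21-2452566077-2999053393-3465942402-1000..\Run: [conhost] C:\Users\mrc1966\AppData\Roaming\Microsoft\conhost.exe File not found",
    r"O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found",
    r"O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.",
]
# Constructed line (not from the page): an autorun whose target exists.
CONSTRUCTED = r"O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example\app.exe (Example Corp)"

# Assumed layout: O4 - <hive>..\<Run key>: [<value name>] <target> [File not found | (Company)]
LINE_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK[A-Z]+(?:\\[^\s.]+)?)\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)
MISSING_SUFFIX = " File not found"
COMPANY_RE = re.compile(r"\s\([^()]*\)$")

# Heuristic (assumption): locations a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


@dataclass
class AutorunEntry:
    hive: str      # e.g. HKLM or HKU\<SID>
    key: str       # Run, RunOnce, ...
    name: str      # registry value name
    target: str    # file the value launches at logon
    missing: bool  # scanner reported the target as "File not found"


def parse_line(line):
    """Parse one O4 registry autorun line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    missing = rest.endswith(MISSING_SUFFIX)
    if missing:
        target = rest[: -len(MISSING_SUFFIX)]
    else:
        # Present files carry a trailing "(Company)" tag; drop it.
        target = COMPANY_RE.sub("", rest)
    return AutorunEntry(m["hive"], m["key"], m["name"], target.strip().strip('"'), missing)


def triage(entry):
    """Return the reasons an autorun entry deserves a closer look."""
    reasons = []
    if entry.missing:
        reasons.append("target file missing")
    if any(part in entry.target.lower() for part in USER_WRITABLE):
        reasons.append("target in user-writable profile path")
    return reasons


def review(lines):
    """Parse every line and keep the entries that have at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in review(PAGE_LINES + [CONSTRUCTED]):
        print(f"{entry.hive} {entry.key} [{entry.name}] -> {entry.target}")
        print("    " + "; ".join(reasons))
```

Entries that are both orphaned and located under the user profile are the ones worth cleaning first; an orphaned entry pointing into System32 is more likely leftover setup state.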
JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

PostPosted: Mon Apr 02, 2012 6:05 pm    Post subject: Reply with quote

Hey Gary,

Just wanted to check with you......I have been running the OTL scan for over 2 hrs. now. Is it supposed to take this long to do the repairs and empty the temp file like you listed?
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Mon Apr 02, 2012 9:45 pm    Post subject: Reply with quote

No, it usually takes a very short time to accomplish what it needs to do.

Shut down your computer then re-start it.

When your computer finishes booting look to see if there is a file in .... C:\_OTL\MovedFiles ..... it will be of the form .... mmddyyyy_hhmmss.log (where mdyhms are replaced by numbers representing the date and time the fix was run).

If there is such a file, please open it in Notepad, and post the contents back here please.

Whether there is a log or not, please run the E-Set scan and post me the log from that please.
JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

PostPosted: Mon Apr 02, 2012 9:54 pm    Post subject: Reply with quote

Hey Gary,

I'll check these things tomorrow and get back to you. I let the scan run for 4 1/2 hrs before shutting it down. I have to get going and get some sleep so when I get home from work this evening I'll check and rerun the scan then post the info for you.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Tue Apr 03, 2012 12:56 am    Post subject: Reply with quote

No problem, talk to you later.
JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

PostPosted: Tue Apr 03, 2012 5:33 pm    Post subject: Reply with quote

Files\Folders moved on Reboot...
File\Folder C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found!
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found!
File\Folder C:\Users\mrc1966\AppData\Local\Temp\Low\~DF03A889DED0056670.TMP not found!
File move failed. C:\Users\mrc1966\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

PostPosted: Tue Apr 03, 2012 7:09 pm    Post subject: Reply with quote

Gary,

I tried to run the OTL scan again (even deleted the program from and reinstalled it to my desktop) and it's still not working. I let it run for over an hour and it just keeps scanning. I am going to run the other scan and post that log now.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Tue Apr 03, 2012 9:01 pm    Post subject: Reply with quote

OK, thanks for letting me know. Let's see what E-Set turns up.
JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

PostPosted: Wed Apr 04, 2012 4:08 am    Post subject: Reply with quote

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

PostPosted: Wed Apr 04, 2012 4:09 am    Post subject: Reply with quote

C:\Users\mrc1966\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DNA0V789\script[6].js JS/TrojanDownloader.HackLoad.AF trojan
C:\Users\mrc1966\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-1e5ba442 a variant of Java/TrojanDownloader.OpenStream.NCM trojan
JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

PostPosted: Wed Apr 04, 2012 4:11 am    Post subject: Reply with quote

Hey Gary,

Not sure if the Eset scanner worked correctly because the only log.txt file it created was the brief one that I posted as the 1st message. The 2nd message was a list of threats that the scan found. Did I do something incorrectly cause I followed the instructions you listed and this is what the scan produced. Let me know if I need to run it again or did something wrong.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Wed Apr 04, 2012 5:43 am    Post subject: Reply with quote

OK, since OTL is having trouble, let's try using another tool .... we need to run a scan with it first, then when I get the return log from you I'll write a script for it to target the stuff that e-set found.

Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop


  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.

  • Double click on ComboFix.exe and follow the prompts.

  • As part of its process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.


**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)

IMPORTANT

  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.

If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.
JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

PostPosted: Thu Apr 05, 2012 9:21 pm    Post subject: Reply with quote

Hey Gary,

Just wanted to let you know that I attempted to run the ComboFix Scan on Wed. night and despite saying that it would take about 20 min. to scan, it actually ran for 2 hrs and wasn't completed at that point. I had to shut the scan down since it was getting late. Because of my work schedule I just wanted to let you know that I will run the scan when I get home this evening that way I can let it run as long as necessary without shutting it down.

It seems as when these scans reach that temp file it is taking forever for the program to complete the scan on it before moving on. I just wanted to keep you updated so you didn't think I had given up on correcting this problem.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Thu Apr 05, 2012 10:18 pm    Post subject: Reply with quote

Combofix shouldn't take so long to scan, it can sometimes take longer than 20 mins, but 2 hours doesn't sound right.

Don't attempt to run Combofix again.

See if there's a log at C:\Combofix.txt if there is then please post it, if not let me know.
JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

PostPosted: Fri Apr 06, 2012 3:38 pm    Post subject: Reply with quote

There was no log at ComboFix.txt
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Fri Apr 06, 2012 9:29 pm    Post subject: Reply with quote

In that case, please do the following ....


  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.


Boot your computer into Recovery Environment


  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...





  • Select the Command Prompt option.
  • A command window will open.

    • Type notepad then hit Enter.
    • Notepad will open.

      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.


  • Back in the command window ....

    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.

      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.


  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.

JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

PostPosted: Fri Apr 06, 2012 11:49 pm    Post subject: Reply with quote

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 07-04-2012 03:41:39
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [161304 2010-08-10] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [386584 2010-08-10] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [415256 2010-08-10] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2010-04-28] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1483776 2010-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [lxczbmgr.exe] "C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [74408 2009-04-27] (Lexmark International, Inc.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\mrc1966\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-14] (Google Inc.)
HKU\mrc1966\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4321112 2012-02-29] (AOL Inc.)
HKU\mrc1966\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6276408 2011-08-21] (Yahoo! Inc.)
HKU\mrc1966\...\Run: [SansaDispatch] C:\Users\mrc1966\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2011-05-02] (SanDisk Corporation)
HKU\mrc1966\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-04-22] (TomTom)
HKU\mrc1966\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [19550344 2011-10-13] (Skype Technologies S.A.)
HKU\mrc1966\...\Policies\system: [DisableRegistryTools] 0
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-03-31] (Adobe Systems Incorporated)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
2 lxcz_device; C:\windows\system32\lxczcoms.exe -service [566192 2007-04-19] ( )
2 lxcz_device; C:\windows\SysWow64\lxczcoms.exe -service [537520 2007-04-19] ( )
2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2011-04-22] (TomTom)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-03-18] (Intel Corporation)

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 BVRPMPR5a64; C:\Windows\System32\Drivers\BVRPMPR5a64.sys [35840 2009-02-27] (Avanquest Software)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-04] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-04] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120406.002\IDSvia64.sys [488568 2012-03-06] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120406.034\ENG64.SYS [117880 2011-08-03] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120406.034\EX64.SYS [2048632 2011-08-03] (Symantec Corporation)
3 rtl8192Ce; C:\Windows\System32\Drivers\rtl8192Ce.sys [877088 2010-02-12] (Realtek Semiconductor Corporation )
3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NAVx64\1207010.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-09] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NAVx64\1207010.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
2 MCSTRM; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-06 23:36 - 2012-04-07 03:42 - 0000000 ____D C:\FRST
2012-04-06 15:47 - 2012-04-06 15:47 - 0000000 ___HD C:\Windows\AxInstSV
2012-04-06 15:47 - 2012-04-06 15:47 - 0000000 ____D C:\Program Files (x86)\ESET
2012-04-04 20:00 - 2012-04-04 20:52 - 0000000 ___SD C:\ComboFix
2012-04-04 17:52 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-04 17:52 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-04 17:52 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-04 17:52 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-04 17:52 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-04 17:52 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-04 17:52 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-04 17:52 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-04 17:51 - 2012-04-04 20:00 - 0000000 ___SD C:\32788R22FWJFW
2012-04-04 17:51 - 2012-04-04 17:51 - 0000000 ____D C:\Windows\ERDNT
2012-04-04 17:51 - 2012-04-04 17:51 - 0000000 ____D C:\Qoobox
2012-04-04 17:49 - 2012-04-04 17:49 - 4456875 ____A (Swearware) C:\Users\mrc1966\Downloads\ComboFix.exe
2012-04-03 17:56 - 2012-04-03 17:56 - 0593920 ____A (OldTimer Tools) C:\Users\mrc1966\Desktop\OTL.exe
2012-04-03 17:20 - 2012-04-03 17:20 - 0072455 ____A C:\Users\mrc1966\Downloads\Standings (5).htm
2012-04-02 15:41 - 2012-04-02 15:41 - 0071157 ____A C:\Users\mrc1966\Downloads\Standings (4).htm
2012-04-01 09:55 - 2012-04-01 09:55 - 4731392 ____A (AVAST Software) C:\Users\mrc1966\Desktop\aswMBR.exe
2012-04-01 09:46 - 2012-04-01 09:46 - 0044078 ____A C:\Users\mrc1966\Desktop\Extras.Txt
2012-04-01 09:31 - 2012-04-01 09:31 - 0279064 ____A C:\Windows\Minidump\040112-31637-01.dmp
2012-04-01 09:28 - 2012-04-01 09:45 - 0088102 ____A C:\Users\mrc1966\Desktop\OTL.Txt
2012-04-01 09:21 - 2012-04-01 10:02 - 0003186 ____A C:\Users\mrc1966\Desktop\aswMBR.txt
2012-04-01 09:21 - 2012-04-01 10:02 - 0000512 ____A C:\Users\mrc1966\Desktop\MBR.dat
2012-03-31 18:44 - 2012-03-31 18:44 - 0607260 ____A (Swearware) C:\Users\mrc1966\Downloads\dds.scr
2012-03-31 01:03 - 2012-04-06 23:02 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-29 05:58 - 2012-03-29 08:18 - 0000469 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
2012-03-29 05:58 - 2012-03-29 08:18 - 0000469 ____A C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-03-29 05:58 - 2012-03-29 05:58 - 0002513 ____A C:\Users\Public\Desktop\TurboTax 2011.lnk
2012-03-29 03:46 - 2012-03-31 01:03 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-26 10:48 - 2012-03-26 10:48 - 0069906 ____A C:\Users\mrc1966\Downloads\Standings (3).htm
2012-03-26 08:56 - 2012-03-26 08:56 - 0069906 ____A C:\Users\mrc1966\Downloads\Standings (2).htm
2012-03-25 12:22 - 2012-03-25 12:22 - 1108748 ____A C:\Users\mrc1966\Documents\Theresa3.pdf
2012-03-25 12:20 - 2012-03-25 12:21 - 1108748 ____A C:\Users\mrc1966\Documents\Theresa2.pdf
2012-03-25 12:19 - 2012-03-25 12:19 - 1108748 ____A C:\Users\mrc1966\Documents\Theresa1.pdf
2012-03-25 05:31 - 2012-03-25 05:31 - 0010795 ____A C:\Users\mrc1966\Documents\senatorsroster.docx
2012-03-24 11:15 - 2012-03-24 11:15 - 0066284 ____A C:\Users\mrc1966\Downloads\Standings (1).htm
2012-03-22 16:53 - 2012-03-22 16:53 - 0066577 ____A C:\Users\mrc1966\Documents\Resume2.pdf
2012-03-22 16:52 - 2012-03-22 16:52 - 0127564 ____A C:\Users\mrc1966\Documents\Cover Letter.pdf
2012-03-17 23:31 - 2012-03-17 23:31 - 0063825 ____A C:\Users\mrc1966\Downloads\Standings.htm
2012-03-13 23:11 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-13 23:11 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-13 23:11 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 17:20 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 17:20 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 17:20 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 09:35 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 09:35 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 09:35 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 09:35 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 09:35 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 09:35 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 09:35 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-12 21:15 - 2012-03-12 21:39 - 0013441 ____A C:\Users\mrc1966\Documents\paulscase.docx
2012-03-08 02:01 - 2012-03-08 02:01 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-08 02:01 - 2012-03-08 02:01 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-08 02:01 - 2012-03-08 02:01 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

============ 3 Months Modified Files and Folders =============

2012-04-06 23:37 - 2011-01-16 02:40 - 1824441 ____A C:\Windows\WindowsUpdate.log
2012-04-06 23:36 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-06 23:02 - 2012-03-31 01:03 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-06 22:49 - 2011-10-29 11:41 - 0000000 ____D C:\Users\mrc1966\AppData\Roaming\Skype
2012-04-06 22:44 - 2010-10-14 20:04 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-06 15:47 - 2012-04-06 15:47 - 0000000 ___HD C:\Windows\AxInstSV
2012-04-06 15:47 - 2012-04-06 15:47 - 0000000 ____D C:\Program Files (x86)\ESET
2012-04-06 15:47 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-06 15:07 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-06 15:07 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-06 14:58 - 2010-10-14 20:04 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-06 14:58 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-06 14:58 - 2009-07-13 20:51 - 0098724 ____A C:\Windows\setupact.log
2012-04-06 14:57 - 2011-01-16 02:35 - 3062255616 __ASH C:\hiberfil.sys
2012-04-05 20:55 - 2011-04-29 21:15 - 0024200 ____A C:\Users\mrc1966\Documents\Film Release Dates.docx
2012-04-05 19:32 - 2010-10-14 20:32 - 0283332 ____A C:\Windows\PFRO.log
2012-04-04 20:52 - 2012-04-04 20:00 - 0000000 ___SD C:\ComboFix
2012-04-04 20:00 - 2012-04-04 17:51 - 0000000 ___SD C:\32788R22FWJFW
2012-04-04 17:51 - 2012-04-04 17:51 - 0000000 ____D C:\Windows\ERDNT
2012-04-04 17:51 - 2012-04-04 17:51 - 0000000 ____D C:\Qoobox
2012-04-04 17:49 - 2012-04-04 17:49 - 4456875 ____A (Swearware) C:\Users\mrc1966\Downloads\ComboFix.exe
2012-04-04 12:57 - 2011-03-12 15:26 - 0002306 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk
2012-04-04 12:57 - 2011-03-12 15:25 - 0000000 ____D C:\Windows\System32\Drivers\NAVx64
2012-04-03 17:56 - 2012-04-03 17:56 - 0593920 ____A (OldTimer Tools) C:\Users\mrc1966\Desktop\OTL.exe
2012-04-03 17:20 - 2012-04-03 17:20 - 0072455 ____A C:\Users\mrc1966\Downloads\Standings (5).htm
2012-04-02 15:51 - 2011-01-16 03:04 - 0000000 ____D C:\Users\All Users\Best Buy pc app
2012-04-02 15:51 - 2011-01-16 03:04 - 0000000 ____D C:\ProgramData\Best Buy pc app
2012-04-02 15:41 - 2012-04-02 15:41 - 0071157 ____A C:\Users\mrc1966\Downloads\Standings (4).htm
2012-04-01 10:02 - 2012-04-01 09:21 - 0003186 ____A C:\Users\mrc1966\Desktop\aswMBR.txt
2012-04-01 10:02 - 2012-04-01 09:21 - 0000512 ____A C:\Users\mrc1966\Desktop\MBR.dat
2012-04-01 09:55 - 2012-04-01 09:55 - 4731392 ____A (AVAST Software) C:\Users\mrc1966\Desktop\aswMBR.exe
2012-04-01 09:46 - 2012-04-01 09:46 - 0044078 ____A C:\Users\mrc1966\Desktop\Extras.Txt
2012-04-01 09:45 - 2012-04-01 09:28 - 0088102 ____A C:\Users\mrc1966\Desktop\OTL.Txt
2012-04-01 09:31 - 2012-04-01 09:31 - 0279064 ____A C:\Windows\Minidump\040112-31637-01.dmp
2012-04-01 09:31 - 2011-05-01 12:51 - 641613051 ____A C:\Windows\MEMORY.DMP
2012-04-01 09:31 - 2011-05-01 12:51 - 0000000 ____D C:\Windows\Minidump
2012-03-31 22:25 - 2011-06-20 17:34 - 0007361 ____A C:\Windows\IE9_main.log
2012-03-31 18:44 - 2012-03-31 18:44 - 0607260 ____A (Swearware) C:\Users\mrc1966\Downloads\dds.scr
2012-03-31 18:24 - 2011-12-12 20:06 - 0000000 ____D C:\Program Files (x86)\EA SPORTS
2012-03-31 18:21 - 2011-03-11 19:28 - 0000000 ____D C:\Users\mrc1966\AppData\Local\Google
2012-03-31 18:21 - 2010-10-14 20:04 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-31 12:47 - 2011-10-30 16:12 - 0013280 ____A C:\Users\mrc1966\Documents\Cover Letter.docx
2012-03-31 01:03 - 2012-03-29 03:46 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-31 01:03 - 2011-05-16 10:55 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-29 14:02 - 2011-03-12 18:53 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-29 14:02 - 2011-03-12 18:53 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-29 09:27 - 2011-04-29 18:03 - 0000000 ____D C:\Users\mrc1966\Documents\TurboTax
2012-03-29 08:18 - 2012-03-29 05:58 - 0000469 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
2012-03-29 08:18 - 2012-03-29 05:58 - 0000469 ____A C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-03-29 05:58 - 2012-03-29 05:58 - 0002513 ____A C:\Users\Public\Desktop\TurboTax 2011.lnk
2012-03-29 05:57 - 2011-04-28 11:47 - 0000000 ____D C:\Program Files (x86)\TurboTax
2012-03-26 11:22 - 2011-05-02 17:55 - 0870128 ____A C:\Users\mrc1966\AppData\Roaming\mcs.rma
2012-03-26 11:22 - 2011-05-02 17:55 - 0000004 ____A C:\Users\mrc1966\AppData\Roaming\43FD4A
2012-03-26 10:48 - 2012-03-26 10:48 - 0069906 ____A C:\Users\mrc1966\Downloads\Standings (3).htm
2012-03-26 08:56 - 2012-03-26 08:56 - 0069906 ____A C:\Users\mrc1966\Downloads\Standings (2).htm
2012-03-25 12:42 - 2011-12-20 14:26 - 0016312 ____A C:\Users\mrc1966\Documents\Resume2.docx
2012-03-25 12:22 - 2012-03-25 12:22 - 1108748 ____A C:\Users\mrc1966\Documents\Theresa3.pdf
2012-03-25 12:21 - 2012-03-25 12:20 - 1108748 ____A C:\Users\mrc1966\Documents\Theresa2.pdf
2012-03-25 12:19 - 2012-03-25 12:19 - 1108748 ____A C:\Users\mrc1966\Documents\Theresa1.pdf
2012-03-25 05:31 - 2012-03-25 05:31 - 0010795 ____A C:\Users\mrc1966\Documents\senatorsroster.docx
2012-03-24 21:54 - 2009-07-13 21:08 - 0032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-24 11:15 - 2012-03-24 11:15 - 0066284 ____A C:\Users\mrc1966\Downloads\Standings (1).htm
2012-03-22 16:53 - 2012-03-22 16:53 - 0066577 ____A C:\Users\mrc1966\Documents\Resume2.pdf
2012-03-22 16:52 - 2012-03-22 16:52 - 0127564 ____A C:\Users\mrc1966\Documents\Cover Letter.pdf
2012-03-17 23:31 - 2012-03-17 23:31 - 0063825 ____A C:\Users\mrc1966\Downloads\Standings.htm
2012-03-14 07:58 - 2011-04-26 22:41 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-03-14 07:58 - 2011-04-26 22:41 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-03-13 23:24 - 2009-07-13 20:45 - 0321584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-13 23:05 - 2011-03-12 19:27 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-12 21:39 - 2012-03-12 21:15 - 0013441 ____A C:\Users\mrc1966\Documents\paulscase.docx
2012-03-08 02:01 - 2012-03-08 02:01 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-08 02:01 - 2012-03-08 02:01 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-08 02:01 - 2012-03-08 02:01 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-08 02:01 - 2011-08-01 00:33 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-03-07 08:53 - 2011-04-26 22:31 - 0001926 ____A C:\Users\Public\Desktop\AIM.lnk
2012-03-07 08:53 - 2011-04-26 22:31 - 0000000 ____D C:\Users\mrc1966\AppData\Local\AIM
2012-03-07 08:53 - 2011-04-26 22:31 - 0000000 ____D C:\Program Files (x86)\AIM
2012-03-07 08:53 - 2011-04-26 22:30 - 0000746 ___AH C:\IPH.PH
2012-02-28 17:07 - 2011-03-17 18:22 - 0000000 ____D C:\Users\mrc1966\AppData\Local\Microsoft Games
2012-02-22 13:47 - 2012-02-22 13:47 - 0042277 ____A C:\Users\mrc1966\Downloads\2009-019LiquorStoreClerks.htm
2012-02-22 13:46 - 2012-02-22 13:46 - 0037289 ____A C:\Users\mrc1966\Downloads\2006-820EntryLevelClericalPositions(LocalGovernment).htm
2012-02-22 13:40 - 2012-02-22 13:40 - 0036572 ____A C:\Users\mrc1966\Downloads\2011-036_Food_Service_Supervisor (1).htm
2012-02-22 13:36 - 2012-02-22 13:36 - 0046145 ____A C:\Users\mrc1966\Downloads\2008-164DriverLicenseCenterPositions(TemporaryandPermanentPositions) (1).htm
2012-02-22 13:29 - 2012-02-22 13:29 - 0037479 ____A C:\Users\mrc1966\Downloads\2010-006_Radio_Telecommunications_Specialists.htm
2012-02-22 13:28 - 2012-02-22 13:28 - 0055764 ____A C:\Users\mrc1966\Downloads\2009-025_Information_Technology_Generalists_and_Administrators.htm
2012-02-20 00:12 - 2012-02-11 01:37 - 0011538 ____A C:\Users\mrc1966\Documents\WWE Monday Night Raw attendees.docx
2012-02-16 22:38 - 2012-03-13 09:35 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 09:35 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 09:35 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 09:35 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 10:43 - 2010-10-14 20:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 01:27 - 2011-03-11 19:26 - 0000174 ___SH C:\Users\mrc1966\Start Menu\Programs\Startup\desktop.ini
2012-02-15 01:27 - 2011-03-11 19:26 - 0000174 ___SH C:\Users\mrc1966\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-09 22:36 - 2012-03-13 17:20 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 17:20 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-02 20:34 - 2012-03-13 17:20 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-25 18:53 - 2011-04-28 10:24 - 0000281 ____A C:\Windows\Lexstat.ini
2012-01-24 22:38 - 2012-03-13 09:35 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-13 09:35 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 09:35 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-23 17:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-22 12:55 - 2011-09-07 19:59 - 0011141 ____A C:\Users\mrc1966\Documents\Fantasy Football Fees.xlsx


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3893.86 MB
Available physical RAM: 3347.08 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3327.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106033W0C) (Fixed) (Total:452.58 GB) (Free:406.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:7.45 GB) (Free:7.4 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7633 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 452 GB 1501 MB
Partition 3 Primary 11 GB 454 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106033W0C NTFS Partition 452 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 7633 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2011-11-13 20:35

======================= End Of Log ==========================
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

PostPosted: Sat Apr 07, 2012 12:45 pm    Post subject: Reply with quote

OK, the scan looks clean, now let's see if we can use FRST to remove the obstinate temp files.


  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy/Paste the contents of the code box below into Notepad.


Code:
Unlock: C:\Users\mrc1966\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DNA0V789
C:\Users\mrc1966\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DNA0V789
Unlock: C:\Users\mrc1966\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-1e5ba442
C:\Users\mrc1966\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-1e5ba442
C:\Users\All Users\Best Buy pc app
C:\ProgramData\Best Buy pc app



    • Save it to your USB flashdrive as fixlist.txt



NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Boot into Recovery Environment


  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt on your USB flashdrive.

  • Exit out of Recovery Environment and post me the log please.

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
JediPirate
Warrior


Joined: 09 Mar 2005
Last Visit: 01 Jan 2014
Posts: 83

PostPosted: Sat Apr 07, 2012 5:02 pm    Post subject: Reply with quote

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-07 20:53:46 R:1
Running from F:\

==============================================

permissions for C:\Users\mrc1966\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DNA0V789 restored successfully
C:\Users\mrc1966\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DNA0V789 moved successfully.
permissions for C:\Users\mrc1966\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-1e5ba442 restored successfully
C:\Users\mrc1966\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-1e5ba442 moved successfully.
C:\Users\All Users\Best Buy pc app moved successfully.
C:\ProgramData\Best Buy pc app not found.

==== End of Fixlog ====
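
A reconciliation check for the fix above, added here as an example (it is not part of either post and is not FRST code): it pairs each fixlist.txt entry with its fixlog.txt outcome and accounts for the one `not found` line. The directive-to-message mapping is inferred from the two files as posted and the function names are hypothetical; `C:\Users\All Users` being a symbolic link to `C:\ProgramData` is the default on Windows Vista and later.

```python
import re

# Default on Windows Vista and later: "C:\Users\All Users" is a symbolic
# link to "C:\ProgramData", so both names reach the same directory.
ALIASES = {r"c:\users\all users": r"c:\programdata"}

# fixlist.txt and the body of fixlog.txt, copied from the posts in this thread.
FIXLIST = r"""
Unlock: C:\Users\mrc1966\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DNA0V789
C:\Users\mrc1966\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DNA0V789
Unlock: C:\Users\mrc1966\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-1e5ba442
C:\Users\mrc1966\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-1e5ba442
C:\Users\All Users\Best Buy pc app
C:\ProgramData\Best Buy pc app
"""
FIXLOG = r"""
permissions for C:\Users\mrc1966\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DNA0V789 restored successfully
C:\Users\mrc1966\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DNA0V789 moved successfully.
permissions for C:\Users\mrc1966\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-1e5ba442 restored successfully
C:\Users\mrc1966\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-1e5ba442 moved successfully.
C:\Users\All Users\Best Buy pc app moved successfully.
C:\ProgramData\Best Buy pc app not found.
"""

# Message shapes as they appear in the fixlog posted above (inferred, not a spec).
LOG_PATTERNS = [
    (re.compile(r"^permissions for (?P<path>.+) restored successfully\.?$"), "unlock", "ok"),
    (re.compile(r"^(?P<path>.+) moved successfully\.?$"), "move", "ok"),
    (re.compile(r"^(?P<path>.+) not found\.?$"), "move", "not found"),
]


def parse_fixlist(text):
    """Return (action, path) pairs: 'Unlock:' lines are unlocks, bare paths are moves."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower().startswith("unlock:"):
            entries.append(("unlock", line[len("unlock:"):].strip()))
        else:
            entries.append(("move", line))
    return entries


def parse_fixlog(text):
    """Map (action, lower-cased path) to the status reported in the log."""
    outcomes = {}
    for line in text.splitlines():
        line = line.strip()
        for pattern, action, status in LOG_PATTERNS:
            match = pattern.match(line)
            if match:
                outcomes[(action, match.group("path").lower())] = status
                break
    return outcomes


def canonical(path):
    """Lower-case a path and rewrite a known alias prefix to its target."""
    p = path.lower().rstrip("\\")
    for alias, target in ALIASES.items():
        if p == alias or p.startswith(alias + "\\"):
            return target + p[len(alias):]
    return p


def reconcile(fixlist_text, fixlog_text):
    """Pair every fixlist entry with its logged outcome, in fixlist order."""
    outcomes = parse_fixlog(fixlog_text)
    moved = set()  # canonical paths already moved earlier in this fix
    report = []
    for action, path in parse_fixlist(fixlist_text):
        status = outcomes.get((action, path.lower()), "missing from log")
        note = ""
        if action == "move" and status == "ok":
            moved.add(canonical(path))
        elif action == "move" and status == "not found" and canonical(path) in moved:
            note = "alias of a path already moved in this fix"
        report.append({"action": action, "path": path, "status": status, "note": note})
    return report


def unresolved(report):
    """Entries that neither succeeded nor are explained by an alias."""
    return [r for r in report if r["status"] != "ok" and not r["note"]]


if __name__ == "__main__":
    for row in reconcile(FIXLIST, FIXLOG):
        print(f'{row["action"]:6} {row["status"]:16} {row["path"]} {row["note"]}')
    print("unresolved entries:", len(unresolved(reconcile(FIXLIST, FIXLOG))))
```
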
Gary R

PostPosted: Sat Apr 07, 2012 9:25 pm    Post subject: Reply with quote

OK, looks good so far.

Now try running a scan with your Norton AV, and see if it's still taking as long to run as it was.

Let me know how things went.
JediPirate

PostPosted: Sun Apr 08, 2012 12:15 am    Post subject: Reply with quote

Hey Gary,

I was out for awhile this evening and won't be able to run the Norton scan until later today. While I have noticed that the speed of my computer has picked up after you had me do the FRST fix, I am still having an issue with my Internet Explorer browser not working properly. It is still freezing up while trying to load a site. It seems to be a particular problem when the site has a lot of pictures or ads on it. Is this problem part of the issue that we have been working on? If not is there something that I can do to resolve this? I have tried to install another version of Internet Explorer but during the download it said that I already had a newer version on my computer than the one I was trying to download.

Thanks.
Gary R

PostPosted: Sun Apr 08, 2012 1:22 am    Post subject: Reply with quote

Try running these basic Internet Explorer troubleshooting tips ... http://www.malwareremoval.com/forum/viewtopic.php?p=588793#p588793

If that doesn't improve things, then Uninstall your current version of Internet Explorer, reboot your computer, then download and install a new copy.
JediPirate

PostPosted: Sun Apr 08, 2012 2:42 pm    Post subject: Reply with quote

I tried disabling a few of the add-ons but it still seems to be hanging up on certain websites. I'm gonna try to play around with it a little more though. However if I have to delete Internet Explorer and download a new version, how do I go about doing that if I delete the browser 1st?
JediPirate

PostPosted: Sun Apr 08, 2012 6:00 pm    Post subject: Reply with quote

Hey Gary,

I ran the Norton Antivirus scan and it took a lot less time to run and there were far fewer files for it to scan.
Gary R

PostPosted: Sun Apr 08, 2012 10:14 pm    Post subject: Reply with quote

There's a couple of ways to get round the problem of not having a browser if you uninstall IE.

1. Download and install a copy of Firefox first ... http://www.mozilla.org/en-US/ .... and use that to download your new copy of Internet Explorer when you've uninstalled your old copy of Internet Explorer.

2. Download a new copy of IE to a USB drive (or a folder on your Desktop) before you uninstall the old one, you can then run the installer from there.

Personally I'd do both, so that come what may you still have Internet access if something goes amiss.

At the moment I can't give you a set of step by step instructions, because for some reason I can't access the Download server for Internet Explorer.
JediPirate

PostPosted: Mon Apr 09, 2012 4:10 pm    Post subject: Reply with quote

I managed to re-download Internet Explorer. It seems to be running fine right now.
Gary R

PostPosted: Tue Apr 10, 2012 1:07 am    Post subject: Reply with quote

Excellent. In that case I think it's about time we did a little housekeeping, to remove the programs we've been using to clean your computer.

First

Let's clear out Combofix and the files/folders it created

  • Click Start > Run
  • Copy/Paste ComboFix /Uninstall into the Run box.
  • Click OK
  • Combofix will now delete its files and folders and also perform the following function.

    • Clears System Restore cache and creates a new Restore point. This will remove any "malicious" System Restore files, which may have been created whilst your computer was infected.


IMPORTANT

  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Next

Let's clear out OTL and the files and folders it created.

  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).


Next

Please delete the following .....

aswMBR.exe and any log files it created
FRST64.exe and FRST.txt
fixlist.txt and fixlog.txt


As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?

  • If you are let me know about them.
  • If not it's time to make your computer more secure.


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.


If your computer is running slowly after your clean up, please read.

Gary R

PostPosted: Fri Apr 13, 2012 5:28 am    Post subject: Reply with quote

Quote:
This topic is now closed.

If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.


If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R

All times are GMT - 8 Hours