1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Malware Or Hardware Issue?

Discussion in 'Malware Removal Help' started by Methodical4u, Feb 14, 2011.

  1. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
    I posted this in another section and was told to come here and see if it was a malware issue, I originally posted:

    Hey guys, well it's nice to be here and I will just get right to the point... i'd like to sledgehammer this computer, but I have that whole wanting to fix something the more it doesn't work the more I want to fix it. Typically I am able to get things working, but this... no way.

    This is my fiance's computer (a Toshiba satellite) and at some point a "friend" of her Dad's did some work to it, well... I don't know if it was what he did or if it was a virus. I have installed and run antimalwarebytes with nothing showing up, I have AVG that has been run, again finding nothing... I have no idea what the problem is. So as i'm just sort of looking around I realize that the CD drive has an error on in in device manager, so when I went to just try and use a dell resource CD (just to see if it would work) there was nothing.... ok maybe the CD drive is broken right? So I get my external Sony drive... guess what? Nope it won't work either. It says that there are no drivers, so I go and look around and find them, nope it still won't work. The computer is CONSTANTLY running... the fan never shuts off. At one point, there was over 100 processes running at the same time! At the moment there are 81... still WAY to many I know, but the computer will not let me uninstall many of the programs on the computer... it asks for the admin password, I enter it, and it does nothing. Sometimes it seems like a virus, but I know the malwarebytes is a very good program and I thought that it would have at least picked up something... but no, not a thing.

    I can obviously get online, surf the web, do that sort of thing, but not much else. Is there some sort of way that a virus could be hiding that well in the system that neither program would pick it up? Any ideas/suggestions would be appreciated!


    Since then I have tried downloading and running the programs suggested in the malware removal tutorial, but any program there, though I can download it, will NOT let me run it... if I got to it's location and double click it says "Windows cannot find C:\Users\Chris\Downloads\OTR.exe. make sure you typed the name correctly and then try again"

    It's pretty much the same with any program, sometimes they will install, and sometimes not.
     
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Evan,

    Ok, this is a bit disconcerting.
    It could well be a virus, it could also be something he's screwed up.

    Did you type this or copy it?
    It's meant to be OTL.exe.

    I see from your other thread you are running Vista.
    Unfortunately the screenshot isn't clear enough to see the running process's.

    You say that MBAM found nothing:
    Start Malwarebytes AntiMalware.
    Click on the logs tab.
    The logs are date stamped ... double click on the log that showed the infection items.
    It'll open in notepad.

    Please let me see the report. (copy/paste it in your next reply).

    Let's try this:

    Step 1
    Please reboot your computer in Safe Mode with Networking by doing the following :

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, a menu with options should appear;
    You will need to use the 'keyboard arrow keys' to navigate on this menu.
    * Select the option, to run Windows in Safe Mode with Networking, then press "Enter".
    * Then choose your usual account.

    Step 2
    Please download RKill.com to your desktop from the following link.:
    Rkill download link
    Download page will open in a new tab or browser window.
    When at the download page, click on the Download Now button to download RKill.com and save it on your desktop.
    Once it is downloaded, double-click on the rkill.com icon.
    If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself .

    If the malware is persistant, you may have to run RKill a number of times.
    When it has finished, the black window will automatically close and you can continue with the next step.

    If you continue having problems running rkill.com, you can download iExplore or eXplorer.exe from the rkill download page. Both of these files are renamed copies of rkill.com, which you can try instead. Please note that the download page will open in a new browser window or tab.

    Note
    Please do not reboot your system until you have completed the following step, or the Malware will restart itself:


    Step 3
    Try downloading this version of OTl.

    • Download OTL to your desktop.
      right click on the link and select 'Save Link/Target As'.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check
    .
    [*]Click the Run Scan button.

    [​IMG]

    [*]Do not change any settings unless otherwise told to do so. The scan wont take long.
    [*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    [*]Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.[/list]

    We can get the custom scan done later, let's see if this version will run first.

    In your next reply, please submit:
    MBAM log
    both reports from OTL if run successfully.


    Thanks.
     
  3. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
    ok, there was no logs from Malwarebytes on the logs tab... I don't know why...

    I did manage to kill 2 processes with the Rkill which showed the following:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 02/14/2011 at 20:35:48.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Windows\System32\InfDefaultInstall.exe
    C:\Windows\System32\InfDefaultInstall.exe


    Rkill completed on 02/14/2011 at 20:35:52.


    The OTL EXTRAS is as following...

    OTL Extras logfile created on: 2/14/2011 8:41:25 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Chris\Downloads
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 110.32 Gb Total Space | 11.47 Gb Free Space | 10.39% Space Free | Partition Type: NTFS

    Computer Name: GENNIE-PC | User Name: Gennie | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02486B0B-006F-40F5-9031-B14EA03C9F37}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1D269B86-5787-4C59-B4A8-DCCD58EE3580}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{20522D68-F408-451C-996B-8395DF19B888}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4D44EB57-A3C0-4B1A-A819-667D71B72140}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{65BA47B7-6A54-42D3-BD8D-D454ED3A06EA}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{76F26861-4804-4FFD-AE9F-4228EFFE8575}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{79E1CB24-C3FD-4102-A094-399A8B849E6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{7D238789-F21C-4153-846B-F1279BCB6CDB}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{A1F9F274-8EBA-48AF-9E90-906E199D7815}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C8BD375B-AEEF-43A7-B6A0-BCDB46A5D9A8}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C9729061-FD8B-49E2-92F4-D3368EB2C816}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{222FE6E6-3A37-4DA7-AF7B-FBD98B7885DC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{22A045F2-0354-4DD4-86E6-215CDE5FABE2}" = protocol=17 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
    "{243971B5-0DB4-412D-BCFC-D1DEE0CA3288}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{266241A5-0037-4DE3-994E-C59D71563F38}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{27427CB1-8758-4CD5-BC59-CA7F4CB71CFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2E5BC5A7-1B19-4C4A-9F45-41B2E52F5EFC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{31E5EB34-7C7C-4B59-AD71-76D188D4D897}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{40218C9C-94C6-49EA-8E6F-7ADD9D44E0C5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{4760EA8C-F232-4ADD-A7AE-3693E37F3B42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4BAE7D10-0263-453F-85A5-7676087E1A09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4C9C30AD-B478-4DFD-A4A8-87496C364DCF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{5199C633-893C-4842-8337-E7D69DF1A736}" = protocol=6 | dir=out | app=system |
    "{51B101BA-611A-495A-8750-0932DFF1690A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{5E42605A-5A13-482D-A4DA-AE5D37EE3AE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6193023F-A2FE-4C8C-BADD-2DA5B29AA15F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
    "{77550623-983E-4612-96BE-A20CC8363356}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7DDB90EB-2DE8-4A2A-BE53-8C0B733C8E53}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
    "{8388C65B-AADB-42DA-93A5-2392173C2F42}" = protocol=6 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
    "{9630CE29-6F89-4A0D-B5A0-83B4B6F41031}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{981CF596-0470-4C9E-AF43-E3A2BC2BC613}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{9BBD31A0-EEF7-4DA3-A946-11401FFC92B6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A146FF7A-6B6D-4511-9741-6072A7B8ACD5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A6241025-C433-492B-BFCA-3470F261F93A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
    "{A636D18A-4EDB-41E9-9F5B-92E58FD63721}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AF4819BE-2CB0-4843-BC62-1B6800B59F00}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
    "{B2518376-0FAB-4250-B589-F8D22971C0D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B7411EFD-1CD7-4DB3-9225-46931C240A1F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{CECE45F1-A234-438A-AFF2-F24ADD59884A}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
    "{D916D971-9786-4106-8F00-2757C57AC332}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D9F93CD7-2998-42A9-B95C-1D4248D33725}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
    "{F4297D65-79A9-4B4E-B56D-08194C75D5B0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "TCP Query User{6FC95971-3946-4C54-AF3E-51962B5AAF84}C:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |
    "TCP Query User{C4825712-66B6-45DF-9A9B-8B172661AE03}C:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |
    "TCP Query User{D16FFDA8-5253-4D8B-8BEB-2CCFC5A5F7E9}C:\program files\motorola\rsd lite\sdl.exe" = protocol=6 | dir=in | app=c:\program files\motorola\rsd lite\sdl.exe |
    "TCP Query User{EB08A09F-77D1-4470-960C-BB5A58B9E971}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{1703C8D9-C2FE-4857-934D-253F46E26CF7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{455AD32F-47E2-4FD9-A948-F2A6EF8851A3}C:\program files\motorola\rsd lite\sdl.exe" = protocol=17 | dir=in | app=c:\program files\motorola\rsd lite\sdl.exe |
    "UDP Query User{C53AA555-AF5D-470D-9B3B-B48535F1D695}C:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |
    "UDP Query User{E3D27845-CC74-4AB4-AA26-C363CA96DA86}C:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" =
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
    "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1C643154-0ADF-4B4C-AF17-E315C946A54B}" = MotoConnect
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{2CD0168D-FBBC-4667-8810-105CB6EC6348}" = HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{3F470FED-77A1-4545-BF6E-AF687FF0B42D}" = RSDLite
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{5727583F-3530-45FD-B09E-7E1CB6C135AD}" = DJ_SF_06_D1600_SW_Min
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{9F153AD3-3523-4542-818E-AE2F92249667}" = SAMSUNG USB Driver for Mobile Phones
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EAE8CF06-28CA-4213-839C-A32817A47E00}" = D1600
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "AVG8Uninstall" = AVG Free 8.5
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "CCleaner" = CCleaner
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "CSCLIB" = Canon Camera Support Core Library
    "Desktop Dialer" = Desktop Dialer
    "DPP" = Canon Utilities Digital Photo Professional 2.2
    "DVDFab 8_is1" = DVDFab 8.0.7.3 (29/01/2011)
    "EOS Utility" = Canon Utilities EOS Utility
    "GolfLogix Course Manager_is1" = GolfLogix Course Manager 3.5
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Internet Offers from Toshiba" = Internet Offers
    "Internet Scrabble Club_is1" = WordBiz version 1.8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2007b" = Microsoft Money Essentials
    "PhotoStitch" = Canon Utilities PhotoStitch
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Game Console" = TOSHIBA Game Console
    "TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "winpwn" = winpwn 2.0.0.4
    "WinRAR archiver" = WinRAR 4.00 beta 6 (32-bit)
    "WT017700" = Bejeweled 2 Deluxe
    "WT017710" = Blackhawk Striker 2
    "WT017720" = Blasterball 3
    "WT017760" = Chuzzle Deluxe
    "WT017800" = FATE
    "WT017840" = JEOPARDY
    "WT017910" = Penguins!
    "WT017930" = Polar Bowler
    "WT017940" = Polar Golfer
    "WT017980" = SCRABBLE
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Extras" = Yahoo! Browser Services
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Music Engine" = Yahoo! Music Jukebox
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "YInstHelper" = Yahoo! Install Manager
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/14/2011 9:35:10 PM | Computer Name = Gennie-PC | Source = profsvc | ID = 1505
    Description = Windows cannot load the user's profile but has logged you on with
    the default profile for the system. DETAIL - Access is denied.

    Error - 2/14/2011 9:35:10 PM | Computer Name = Gennie-PC | Source = profsvc | ID = 1505
    Description = Windows cannot load the user's profile but has logged you on with
    the default profile for the system. DETAIL - Access is denied.

    Error - 2/14/2011 9:35:58 PM | Computer Name = Gennie-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 2/14/2011 9:38:26 PM | Computer Name = Gennie-PC | Source = profsvc | ID = 1505
    Description = Windows cannot load the user's profile but has logged you on with
    the default profile for the system. DETAIL - Access is denied.

    Error - 2/14/2011 9:38:26 PM | Computer Name = Gennie-PC | Source = profsvc | ID = 1505
    Description = Windows cannot load the user's profile but has logged you on with
    the default profile for the system. DETAIL - Access is denied.

    Error - 2/14/2011 9:38:27 PM | Computer Name = Gennie-PC | Source = profsvc | ID = 1505
    Description = Windows cannot load the user's profile but has logged you on with
    the default profile for the system. DETAIL - Access is denied.

    Error - 2/14/2011 9:38:28 PM | Computer Name = Gennie-PC | Source = profsvc | ID = 1505
    Description = Windows cannot load the user's profile but has logged you on with
    the default profile for the system. DETAIL - Access is denied.

    Error - 2/14/2011 9:38:29 PM | Computer Name = Gennie-PC | Source = profsvc | ID = 1505
    Description = Windows cannot load the user's profile but has logged you on with
    the default profile for the system. DETAIL - Access is denied.

    Error - 2/14/2011 9:39:17 PM | Computer Name = Gennie-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 2/14/2011 9:40:05 PM | Computer Name = Gennie-PC | Source = profsvc | ID = 1505
    Description = Windows cannot load the user's profile but has logged you on with
    the default profile for the system. DETAIL - Access is denied.

    [ Media Center Events ]
    Error - 8/28/2008 7:54:40 AM | Computer Name = Gennie-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/7/2009 7:51:13 PM | Computer Name = Gennie-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 2/12/2011 7:06:03 PM | Computer Name = Gennie-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.37 for the Network Card with network
    address 0016D4FC1CEF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 2/13/2011 7:06:15 PM | Computer Name = Gennie-PC | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.38 on
    the Network Card with network address 0016D4FC1CEF.

    Error - 2/13/2011 11:22:24 PM | Computer Name = Gennie-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.38 for the Network Card with network
    address 0016D4FC1CEF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 2/14/2011 1:56:02 PM | Computer Name = Gennie-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.12 for the Network Card with network
    address 0016D4FC1CEF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 2/14/2011 9:27:14 PM | Computer Name = Gennie-PC | Source = DCOM | ID = 10005
    Description =

    Error - 2/14/2011 9:27:25 PM | Computer Name = Gennie-PC | Source = DCOM | ID = 10005
    Description =

    Error - 2/14/2011 9:27:31 PM | Computer Name = Gennie-PC | Source = DCOM | ID = 10005
    Description =

    Error - 2/14/2011 9:27:31 PM | Computer Name = Gennie-PC | Source = DCOM | ID = 10005
    Description =

    Error - 2/14/2011 9:28:01 PM | Computer Name = Gennie-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 2/14/2011 9:28:01 PM | Computer Name = Gennie-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >

    OTL LOG FILE:

    OTL logfile created on: 2/14/2011 8:41:25 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Chris\Downloads
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 110.32 Gb Total Space | 11.47 Gb Free Space | 10.39% Space Free | Partition Type: NTFS

    Computer Name: GENNIE-PC | User Name: Gennie | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Chris\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Chris\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (McSysmon) -- File not found
    SRV - (McShield) -- File not found
    SRV - (GoogleDesktopManager-110309-193829) -- File not found
    SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe ()
    SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
    SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
    SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (lxdp_device) -- C:\Windows\System32\lxdpcoms.exe ( )
    SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
    SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
    SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()
    SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
    SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
    DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
    DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
    DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
    DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
    DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
    DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
    DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
    DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
    DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
    DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
    DRV - (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x) -- C:\Windows\System32\drivers\MRVW24B.sys (Marvell Semiconductor, Inc)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
    DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
    DRV - (KR3NPXP) -- C:\Windows\system32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)
    DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
    DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
    DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
    DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
    DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/06 21:38:00 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
    O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\RunOnce: [] C:\Program Files\HP\Print Projects\Common01\Bin\HpqWLPG03.exe (Hewlett-Packard Co.)
    O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (AVGRSSTX.DLL) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/12 20:16:23 | 000,000,000 | ---D | C] -- C:\RMVFLTR.TEMP
    [2011/02/12 20:16:23 | 000,000,000 | ---D | C] -- \RMVFLTR.TEMP
    [2011/02/10 17:52:29 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll
    [2011/02/10 17:52:29 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01005.dll
    [2011/02/10 17:52:29 | 000,010,216 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys
    [2011/02/10 17:52:29 | 000,010,216 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys
    [2011/02/10 17:52:28 | 000,121,576 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys
    [2011/02/10 17:52:28 | 000,096,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys
    [2011/02/10 17:52:28 | 000,030,312 | ---- | C] (Google Inc) -- C:\Windows\System32\drivers\ssadadb.sys
    [2011/02/10 17:52:28 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys
    [2011/02/10 17:52:28 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys
    [2011/02/10 17:52:28 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys
    [2011/02/10 17:44:48 | 000,132,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys
    [2011/02/10 17:44:48 | 000,104,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys
    [2011/02/10 17:44:48 | 000,014,920 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys
    [2011/02/10 17:44:48 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcmnt.sys
    [2011/02/10 17:44:48 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcm.sys
    [2011/02/10 17:44:48 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwhnt.sys
    [2011/02/10 17:44:48 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwh.sys
    [2011/02/10 17:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2011/02/10 17:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2011/02/10 17:17:03 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
    [2011/02/10 17:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
    [2011/02/10 17:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
    [2011/02/06 01:15:26 | 000,000,000 | ---D | C] -- C:\!KillBox
    [2011/02/06 01:15:26 | 000,000,000 | ---D | C] -- \!KillBox
    [2011/02/06 00:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
    [2011/02/05 20:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
    [2011/02/04 20:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/02/04 20:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/02/04 19:21:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/02/04 12:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8
    [2011/02/04 12:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8
    [2009/10/20 17:59:04 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdpcoin.dll
    [2007/11/19 22:13:22 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdppmui.dll
    [2007/11/19 22:09:44 | 001,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdpserv.dll
    [2007/11/19 22:06:32 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdplmpm.dll
    [2007/11/19 22:06:32 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpiesc.dll
    [2007/11/19 22:06:18 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomm.dll
    [2007/11/19 22:05:08 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdphbn3.dll
    [2007/11/19 22:04:50 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdpusb1.dll
    [2007/11/19 22:04:28 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomc.dll
    [2007/11/19 22:03:22 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdpprox.dll
    [2007/11/19 22:01:20 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdpinpa.dll
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/14 20:26:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/14 20:24:10 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-903708157-4245715410-21210898-1001Core.job
    [2011/02/14 20:23:10 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/14 20:23:10 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/14 20:15:32 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/02/14 20:15:32 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/02/14 20:14:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
    [2011/02/14 20:14:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/14 19:44:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-903708157-4245715410-21210898-1001UA.job
    [2011/02/14 18:13:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/14 09:29:43 | 071,156,134 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2011/02/04 20:09:34 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/02/04 12:32:14 | 000,000,827 | ---- | M] () -- C:\Users\Default\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/14 20:35:48 | 000,000,370 | ---- | C] () -- \rkill.log
    [2011/02/14 20:14:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
    [2011/02/04 20:09:34 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/02/04 12:32:14 | 000,000,827 | ---- | C] () -- C:\Users\Default\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
    [2010/07/06 21:26:22 | 000,002,897 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/11/22 18:34:39 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
    [2009/11/01 22:30:44 | 000,001,024 | ---- | C] () -- \.rnd
    [2009/07/14 09:02:58 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdpgrd.dll
    [2008/03/31 19:47:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdpvs.dll
    [2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
    [2007/11/07 07:12:28 | 000,232,960 | ---- | C] () -- \VC_RED.MSI
    [2007/11/07 07:09:22 | 001,442,522 | ---- | C] () -- \VC_RED.cab
    [2007/11/07 07:03:18 | 000,562,688 | ---- | C] () -- \install.exe
    [2007/11/07 07:03:18 | 000,097,296 | ---- | C] () -- \install.res.1036.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | C] () -- \install.res.3082.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | C] () -- \install.res.1031.dll
    [2007/11/07 07:03:18 | 000,095,248 | ---- | C] () -- \install.res.1040.dll
    [2007/11/07 07:03:18 | 000,091,152 | ---- | C] () -- \install.res.1033.dll
    [2007/11/07 07:03:18 | 000,081,424 | ---- | C] () -- \install.res.1041.dll
    [2007/11/07 07:03:18 | 000,079,888 | ---- | C] () -- \install.res.1042.dll
    [2007/11/07 07:03:18 | 000,076,304 | ---- | C] () -- \install.res.1028.dll
    [2007/11/07 07:03:18 | 000,075,792 | ---- | C] () -- \install.res.2052.dll
    [2007/11/07 07:00:40 | 000,017,734 | ---- | C] () -- \eula.3082.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | C] () -- \eula.2052.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | C] () -- \eula.1042.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | C] () -- \eula.1040.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | C] () -- \eula.1036.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | C] () -- \eula.1031.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | C] () -- \eula.1028.txt
    [2007/11/07 07:00:40 | 000,010,134 | ---- | C] () -- \eula.1033.txt
    [2007/11/07 07:00:40 | 000,005,686 | ---- | C] () -- \vcredist.bmp
    [2007/11/07 07:00:40 | 000,001,110 | ---- | C] () -- \globdata.ini
    [2007/11/07 07:00:40 | 000,000,843 | ---- | C] () -- \install.ini
    [2007/11/07 07:00:40 | 000,000,118 | ---- | C] () -- \eula.1041.txt
    [2007/09/03 17:33:05 | 000,000,158 | ---- | C] () -- \YServer.txt
    [2007/09/01 14:38:19 | 000,000,825 | ---- | C] () -- \net_save.dna
    [2007/08/20 22:52:12 | 000,651,264 | ---- | C] () -- C:\Windows\System32\libeay32.dll
    [2007/08/20 22:52:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
    [2007/05/11 00:20:53 | 2451,046,400 | -HS- | C] () --
    [2007/03/08 05:38:28 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/03/02 01:56:11 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2007/03/02 01:50:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2007/03/02 01:50:05 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2007/03/02 01:50:05 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2007/03/02 01:50:05 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2007/03/02 01:50:05 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2007/03/02 01:50:05 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2007/03/02 01:11:48 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2007/03/02 01:11:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2007/03/02 01:11:48 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2007/03/02 01:11:48 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2007/03/02 00:27:38 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
    [2007/03/02 00:27:36 | 000,438,840 | RHS- | C] () -- \bootmgr
    [2007/01/31 19:03:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1187.dll
    [2006/12/05 16:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2006/11/24 10:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:25:21 | 000,180,224 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 05:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 01:25:08 | 000,000,010 | ---- | C] () -- \config.sys
    [2005/11/23 17:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
    [2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

    ========== LOP Check ==========

    [2011/02/14 20:24:40 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  4. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
    went ahead and did another malwarebytes scan and here is the result... it didn't find anything last time, so this could be just within the last week or so.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5516

    Windows 6.0.6000 (Safe Mode)
    Internet Explorer 7.0.6000.17037

    2/14/2011 10:49:48 PM
    mbam-log-2011-02-14 (22-49-48).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 269022
    Time elapsed: 52 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Evan

    Unfortunately your MBAM database is about 200 updates behind.
    We'll get to that in a minute.

    Step 1
    Double click on OTL to run it.
    Copy the lines in bold below. (make sure that :Otl is on the first line )

    :eek:tl
    SRV - (McSysmon) -- File not found
    SRV - (McShield) -- File not found
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)

    :Files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [purity]
    [RESETHOSTS]
    [EMPTYFLASH]


    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

      .
    • Click the red Run Fix button.

      [​IMG]
    • OTL will reboot your system once the fix has completed.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    if you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles


    Step 2
    Please update MBAM and run another scan:
    Start MBAM
    Click on the Update tab

    .

    Click Check for Updates

    If it says that MBAM needs to close to update it... let it close and then restart.
    Then click the Scan button.

    Don't forget:

    Step 3
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 23 and save it to your desktop.
    • Scroll down to where it says "Java SE 6 Update 23".
    • Click the "Download JRE" button to the right.
    • select 'Windows' from the Platform down arrow.
    • Read the License Agreement and then check the box that says: "Accept License Agreement".
    • Click Continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
      .
      Java™ SE Runtime Environment 6
      Java™ 6 Update 18

      .
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version.


    In your next reply, please submit:
    Otl fix report
    new MBAM scan report


    Thanks.
     
    Last edited by a moderator: Feb 4, 2014
  6. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
     
  7. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
    ok, I tried to uninstall the other Java versions and I got this message

    "The Windows Installer Service could not be accessed. This can occur if
    the Windows Installer is not correctly installed. Contact your support personnel for assistance."

    OTL Log:

    All processes killed
    ========== OTL ==========
    Service McSysmon stopped successfully!
    Service McSysmon deleted successfully!
    File File not found not found.
    Error: No service named McShield was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McShield deleted successfully.
    File File not found not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Chris\Downloads\cmd.bat deleted successfully.
    C:\Users\Chris\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    -> No Temporary Internet Files cache folder defined!

    User: Chris
    -> No Temporary Internet Files cache folder defined!

    User: Default
    -> No Temporary Internet Files cache folder defined!

    User: Default User
    -> No Temporary Internet Files cache folder defined!

    User: Gennie
    -> No Temporary Internet Files cache folder defined!

    User: Public
    -> No Temporary Internet Files cache folder defined!

    User: TEMP
    -> No Temporary Internet Files cache folder defined!

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 622667 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYFLASH]

    User: All Users

    User: Chris

    User: Default

    User: Default User

    User: Gennie

    User: Public

    User: TEMP

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02152011_114306
     
  8. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
    ok, I went directly to the site and did the update from there, it did manage to install properly and when I started the program it no longer
    gave me the "this is 32 days out of date thing, so I think it's good to go (I hope) I am scanning now and will post the log shortly. Thanks again for
    all of the help guys.
     
  9. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
    I am GUESSING this is the updated version? Here is the log...


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5750

    Windows 6.0.6000 (Safe Mode)
    Internet Explorer 7.0.6000.17037

    2/15/2011 3:15:39 PM
    mbam-log-2011-02-15 (15-15-39).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 273784
    Time elapsed: 59 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  10. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Evan,

    Do you have the Vista installation disc?

    There seems to be a few problems which we need to sort out.

    Plus i see that not all downloads are going to the 'C' drive .... some aren't even being assigned to a drive.
    We really need to perform a 'Repair Install' to try and sort this out.
     
  11. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
    unfortunately I do not have the Vista disc... I have a Dell resource CD, but it was for Windows XP (which I would prefer anyway, since i'm more
    familiar with it) but it does have device drivers and diagnostics and utilities. I have looked all over here for the Vista CD but nothing. I MAY have the XP install disc at mmy Mother's house... I looked last week and couldn't find it though, let me know if any of these will work. Thanks!
     
  12. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
    Well, I just got in from my Mother's house and I could not find the disc to save my life. I have NO idea what happened to it. Why is it that all of the discs that I need are missing all of a sudden? lol That's the law of anything that can go wrong WILL I suppose. Anyway, do you guys have any other ideas?
     
  13. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Evan,

    No, that won't work.

    Let's try this:

    click Start >> All Programs >> Accessories >> right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
    Type the following command, and then press ENTER:

    sfc /scannow
    (note the gap between c and / )

    The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.
    Sometimes it will ask for the installation disc, sometimes it'll take any files it needs from a cache folder. ( fingers crossed)
     
  14. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
    ok I got this message "Windows Resource Protection found corrupt files, but was unable to fix some of them. Details are included in the CBS.log"
    It says a few other things, but basically just tells you where the log is located, but when I try to double click the log it says "Access is denied"... i'm soooooo surprised lol. When I try to attach it, it says "CBS You don't have permission to open this file, contact the owner or an administrator to obtain permission"
     
  15. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Evan,

    No huge surprise there then.
    There is a program that can sometimes replace/correct files altered by malware.
    We have nothing to lose in trying it.

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow [​IMG] at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.cvs report.

    NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.


    I'll be away for most of the day, so won't be able to reply until late this evening.
     
  16. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
    here it is... took like 10 hours to scan!

    setup.exe\PPCInstall.dll;C:\Program Files\Internet Offers\FSCOMMAND\setup.exe;Probably STPAGE.Trojan;;
    setup.exe;C:\Program Files\Internet Offers\FSCOMMAND;Container contains infected objects;;
    penguins-WT.exe;C:\Program Files\TOSHIBA Games\Penguins!;Trojan.DownLoader1.15090;;
    f_0001c2\gziped.gz;C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001c2;Probably SCRIPT.Virus;;
    f_0001c2;C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Cache;Archive contains infected objects;Moved.;
    f_00078d\gziped.gz;C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00078d;Probably SCRIPT.Virus;;
    f_00078d;C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Cache;Archive contains infected objects;Moved.;
     
  17. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Evan

    Yes, sometimes it is a very lengthy scan.

    There's still some malware in there.
    Let's see what this tells us.

    Btw:
    You may get a message saying you have to uninstall AVG.
    Combofix won't run correctly if AVG is on the system.
    So best to remove it before installing Combofix.


    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2

    [​IMG]


    [​IMG]

    This is an example, you may rename ComboFix to anything you want.

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
      For more information read:
      How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

      Then:

      Double click on Combo-Fix.exe & follow the prompts.

      Vista/Win7 users should right click on the icon and select Run as Administrator.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If running Vista/Win7, you may not see this screen
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    [​IMG]

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Thanks
     
  18. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
    ok i've tried EVERYTHING to get AVG either uninstalled, disabled, anything and I cannot get combofix to run until it's gone... when I try to delete or uninstall AVG this POS won't let me... I don't know what else to do... went to task manager to try to turn off the process... read the thing on how to disable... can't find anything on what it's talking about... getting irritated with this thing now.
     
  19. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
    got it disabled, but combofix says it has to be uninstalled.. AVG will not uninstall... pretty well stuck.
     
  20. Methodical4u

    Methodical4u Registered Members

    Joined:
    Feb 14, 2011
    Messages:
    61
    Location:
    Md
    Operating System:
    Windows Vista Enterprise
    ComboFix Log:


    ComboFix 11-02-17.02 - SYSTEM 02/18/2011 13:57:18.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1502 [GMT -5:00]
    Running from: c:\users\Chris\Downloads\Combo-Fix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Install.exe
    c:\programdata\Desktop
    c:\programdata\xp
    c:\programdata\xp\EBLib.dll
    c:\programdata\xp\TPwSav.sys
    c:\windows\system32\Thumbs.db

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-18 to 2011-02-18 )))))))))))))))))))))))))))))))
    .

    2011-02-18 19:05 . 2011-02-18 19:05 -------- d-----w- c:\users\TEMP\AppData\Local\temp
    2011-02-18 19:05 . 2011-02-18 19:05 -------- d-----w- c:\users\Gennie\AppData\Local\temp
    2011-02-18 18:53 . 2011-02-18 18:53 -------- d-----w- C:\32788R22FWJFW
    2011-02-18 18:48 . 2011-02-18 18:48 -------- d-----w- c:\program files\Perfect Uninstaller
    2011-02-18 16:18 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{635A8AE5-A11E-46C4-9CF0-3179AE9E0428}\mpengine.dll
    2011-02-17 15:58 . 2011-02-17 18:34 -------- d-----w- c:\users\Chris\DoctorWeb
    2011-02-15 16:43 . 2011-02-15 16:43 -------- d-----w- C:\_OTL
    2011-02-15 01:57 . 2011-02-15 01:57 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
    2011-02-13 01:16 . 2011-02-13 01:16 -------- d-----w- C:\RMVFLTR.TEMP
    2011-02-10 22:52 . 2010-05-25 07:59 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
    2011-02-10 22:52 . 2010-05-25 07:59 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
    2011-02-10 22:52 . 2010-05-25 07:59 10216 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
    2011-02-10 22:52 . 2010-05-25 07:59 10216 ----a-w- c:\windows\system32\drivers\ssadwh.sys
    2011-02-10 22:52 . 2010-05-25 07:59 96488 ----a-w- c:\windows\system32\drivers\ssadbus.sys
    2011-02-10 22:52 . 2010-05-25 07:59 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
    2011-02-10 22:52 . 2010-05-25 07:59 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
    2011-02-10 22:52 . 2010-05-25 07:59 121576 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
    2011-02-10 22:52 . 2010-05-25 07:59 10344 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
    2011-02-10 22:52 . 2010-05-25 07:59 10344 ----a-w- c:\windows\system32\drivers\ssadcm.sys
    2011-02-10 22:44 . 2010-04-27 02:25 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
    2011-02-10 22:44 . 2010-04-27 02:25 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
    2011-02-10 22:44 . 2010-04-27 02:25 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
    2011-02-10 22:44 . 2010-04-27 02:25 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
    2011-02-10 22:44 . 2010-04-27 02:25 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
    2011-02-10 22:44 . 2010-04-27 02:25 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
    2011-02-10 22:44 . 2010-04-27 02:25 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
    2011-02-10 22:43 . 2011-02-10 22:43 58704 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{9F153AD3-3523-4542-818E-AE2F92249667}\ARPPRODUCTICON.exe
    2011-02-10 22:16 . 2011-02-10 22:16 -------- d-----w- c:\program files\SAMSUNG
    2011-02-10 22:16 . 2011-02-10 22:16 -------- d-----w- c:\programdata\Samsung
    2011-02-06 06:17 . 2011-02-06 06:17 -------- d-----w- c:\users\TEMP\AppData\Local\Google
    2011-02-06 06:17 . 2011-02-06 06:17 -------- d-----w- c:\users\TEMP\AppData\Roaming\Yahoo!
    2011-02-06 06:15 . 2011-02-06 06:41 -------- d-----w- C:\!KillBox
    2011-02-06 05:40 . 2011-02-06 05:40 388096 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2011-02-06 05:40 . 2011-02-06 05:40 -------- d-----w- c:\program files\TrendMicro
    2011-02-06 01:18 . 2011-02-06 01:18 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2011-02-05 01:09 . 2011-02-05 01:09 -------- d-----w- c:\program files\CCleaner
    2011-02-04 17:32 . 2011-02-04 17:32 -------- d-----w- c:\program files\DVDFab 8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2011-01-14 03:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2011-01-14 03:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-09 08:20 . 2010-12-09 08:20 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
    "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
    "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=AVGRSSTX.DLL c:\progra~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
    2007-02-13 16:30 405504 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
    2006-11-07 01:14 34352 ----a-w- c:\program files\Toshiba\Utilities\KeNotify.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 135664]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
    R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe [2007-11-20 589824]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-25 30312]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
    R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\MRVW24B.sys [2007-01-19 312320]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-25 96488]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-25 12776]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-25 121576]
    R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
    R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [x]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 04:22]

    2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 04:22]

    2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903708157-4245715410-21210898-1001Core.job
    - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-26 16:15]

    2011-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903708157-4245715410-21210898-1001UA.job
    - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-26 16:15]
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-RunOnce-<NO NAME> - (no file)
    MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
    AddRemove-HP Imaging Device Functions - c:\program files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe
    AddRemove-HP Print Projects - c:\program files\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe
    AddRemove-HP Smart Web Printing - c:\program files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe
    AddRemove-HP Solution Center & Imaging Support Tools - c:\program files\HP\Digital Imaging\eSupport\hpzscr01.exe
    AddRemove-HPExtendedCapabilities - c:\program files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe
    AddRemove-Shop for HP Supplies - c:\program files\HP\Digital Imaging\HPSSupply\hpzscr01.exe
    AddRemove-{2CD0168D-FBBC-4667-8810-105CB6EC6348} - c:\program files\HP\Digital Imaging\{2CD0168D-FBBC-4667-8810-105CB6EC6348}\setup\hpzscr01.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-18 14:05
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-02-18 14:07:59
    ComboFix-quarantined-files.txt 2011-02-18 19:07

    Pre-Run: 12,653,211,648 bytes free
    Post-Run: 23,643,803,648 bytes free

    - - End Of File - - 96355FF8ECE7726E19C1591325E58B8F
     

Share This Page