Possible Infection
This morning I was attempting to make an online purchase and was searching for a coupon code for that particular store when a security window popped up warning me of a threat. My anti-virus program Avira supposedly quarantined it:
The file 'C:\Users\Devorah\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0002bb' contained a virus or unwanted program 'HTML/FakeAlert.clj' [virus]
Action(s) taken:
The file was moved to the quarantine directory under the name '4e73bd55.qua'.
I then scanned with Malwarebytes and selected to remove the infections. Below is the Malwarebytes log. Is this all I need to do, or does my computer still need to be cleaned? If so, how should I clean it?
Thanks in advance for your help.
Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes
Database version: 5916
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
3/1/2011 10:34:46 AM
mbam-log-2011-03-01 (10-34-46).txt
Scan type: Quick scan
Objects scanned: 178307
Time elapsed: 5 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Last edited by Dev; 01-03-2011 at 04:57 PM .
Please, complete all steps listed here: HERE
Please, observe following rules:
Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
===========================================================================
It must be something wrong with your computing habits.
We just cleaned your computer 3 weeks ago.
I don't think there is anything wrong with my computing habits, it's just these types of attacks are getting more prevalent. I was just searching in Google for a coupon code to use for an online purchase. I have WOT installed for my browser (that you recommended to install last time). It indicated that the Google link was safe but when I went to the page for the coupon code is when I got the warning/virus.
Btw, thank you so much for taking the time to help me again, you are a blessing.
Last edited by Dev; 02-03-2011 at 10:21 PM .
Completed steps, logs below except for GMER log, which was empty, it didn't find anything to log.
=======================
Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes
Database version: 5929
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
3/2/2011 7:11:09 AM
mbam-log-2011-03-02 (07-11-09).txt
Scan type: Quick scan
Objects scanned: 178453
Time elapsed: 5 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
==================
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite P305
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 164):
Processes (total 83):
0 System Idle Process
4 System
460 C:\Windows\System32\smss.exe
592 csrss.exe
644 C:\Windows\System32\wininit.exe
664 csrss.exe
700 C:\Windows\System32\services.exe
720 C:\Windows\System32\lsass.exe
728 C:\Windows\System32\lsm.exe
864 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\winlogon.exe
968 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1012 C:\Windows\System32\svchost.exe
12 C:\Windows\System32\Ati2evxx.exe
856 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\audiodg.exe
1164 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\SLsvc.exe
1212 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\Ati2evxx.exe
1400 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\wlanext.exe
1756 C:\Windows\System32\spoolsv.exe
1792 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1804 C:\Windows\System32\svchost.exe
1960 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
2000 C:\Windows\System32\svchost.exe
2016 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1284 C:\Windows\SysWOW64\atashost.exe
1396 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1384 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1812 C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
2088 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2184 C:\Windows\SysWOW64\svchost.exe
2228 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2320 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2380 C:\Windows\System32\svchost.exe
2428 C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
2528 C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
2572 C:\TOSHIBA\IVP\ISM\pinger.exe
2608 C:\Windows\System32\svchost.exe
2632 C:\Windows\System32\svchost.exe
2696 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2776 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2800 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2860 C:\Windows\System32\svchost.exe
2932 C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2968 C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
2996 C:\Windows\System32\TODDSrv.exe
3032 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
3052 C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2268 C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
2556 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2772 C:\Windows\System32\svchost.exe
688 C:\Windows\System32\svchost.exe
1536 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3088 C:\Windows\System32\SearchIndexer.exe
3360 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3472 C:\Windows\System32\taskeng.exe
1548 C:\Windows\System32\dwm.exe
3460 C:\Windows\System32\taskeng.exe
1316 C:\Windows\explorer.exe
4300 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
4308 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4324 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
4340 C:\Program Files\Toshiba\SmoothView\SmoothView.exe
4364 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
4380 C:\Windows\ehome\ehtray.exe
4460 C:\Users\Devorah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
4504 C:\Windows\ehome\ehmsas.exe
4596 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
4620 C:\Program Files (x86)\iTunes\iTunesHelper.exe
5052 C:\Program Files\iPod\bin\iPodService.exe
4212 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4884 C:\Windows\System32\svchost.exe
4020 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
5252 C:\Windows\System32\SearchProtocolHost.exe
1708 C:\Windows\System32\SearchFilterHost.exe
5296 dllhost.exe
5196 dllhost.exe
852 C:\Users\Devorah\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: TOSHIBAMK2046GSX, Rev: LB013M
PhysicalDrive1 Model Number: HitachiHTS542520K9SA00, Rev: BBDOC33P
Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61
186 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: B8E2175818464D3FFEB1C1B647995AD0F49BFDB5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
============
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Devorah at 9:20:51.30 on Wed 03/02/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2546 [GMT -6:00]
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Devorah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Devorah\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files (x86)\IObitCom\tbIObi.dll
mURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files (x86)\IObitCom\tbIObi.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files (x86)\IObitCom\tbIObi.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files (x86)\IObitCom\tbIObi.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SansaDispatch] C:\Users\Devorah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with mediAvatar YouTube Video Converter - C:\Program Files (x86)\mediAvatar\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Devorah\AppData\Roaming\Mozilla\Firefox\Profiles\1nrbjd4v.default\
FF - prefs.js : browser.search.selectedEngine - AVG Secure Search
FF - component: C:\Users\Devorah\AppData\Roaming\Mozilla\Firefox\Profiles\1nrbjd4v.default\extensions\{29956a1f-dda2-4319-a8cc-30966adea17a}\components\FFExternalAlert.dll
FF - component: C:\Users\Devorah\AppData\Roaming\Mozilla\Firefox\Profiles\1nrbjd4v.default\extensions\{29956a1f-dda2-4319-a8cc-30966adea17a}\components\RadioWMPCore.dll
FF - component: C:\Users\Devorah\AppData\Roaming\Mozilla\Firefox\Profiles\1nrbjd4v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Devorah\AppData\Roaming\Mozilla\Firefox\Profiles\1nrbjd4v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: C:\Users\Devorah\AppData\Roaming\Mozilla\Firefox\Profiles\1nrbjd4v.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: C:\Users\Devorah\AppData\Roaming\Mozilla\Firefox\Profiles\1nrbjd4v.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: C:\Users\Devorah\AppData\Roaming\Mozilla\Firefox\Profiles\1nrbjd4v.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: C:\Users\Devorah\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Hebrew Calendar: {C4A22BA1-6D61-45F1-82A9-140FD33F1110} - %profile%\extensions\{C4A22BA1-6D61-45F1-82A9-140FD33F1110}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Expression Web Toolbar: {29956a1f-dda2-4319-a8cc-30966adea17a} - %profile%\extensions\{29956a1f-dda2-4319-a8cc-30966adea17a}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Omnibar: omnibar@ajitk.com - %profile%\extensions\omnibar@ajitk.com
FF - Ext: SEO Doctor: seodoctor@prelovac.com - %profile%\extensions\seodoctor@prelovac.com
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Html Validator: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} - %profile%\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
FF - Ext: YSlow: yslow@yahoo-inc.com - %profile%\extensions\yslow@yahoo-inc.com
FF - Ext: WCAG Contrast checker: colorchecker@colorcheckerniquelao.net - %profile%\extensions\colorchecker@colorcheckerniquelao.net
FF - Ext: View Source Chart: {68836a21-fc7d-4ea1-a065-7efabd99d414} - %profile%\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2009-6-20 33792]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-1-30 257232]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-1-30 452872]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-1-30 816016]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2008-6-27 531968]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-5-7 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-5-7 267944]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2009-2-16 20376]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-5-7 83120]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\CHDART64.sys [2008-2-1 222720]
R3 NETw4v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2007-9-26 3196416]
R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2008-1-15 58328]
R3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2008-1-8 51544]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\System32\drivers\PTDUBus.sys [2010-3-10 70672]
R3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\System32\drivers\PTDUMdm.sys [2010-3-10 173456]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\System32\drivers\PTDUVsp.sys [2010-3-10 173456]
R3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\System32\drivers\PTDUWFLT.sys [2010-3-10 12688]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\System32\drivers\PTDUWWAN.sys [2010-3-10 141840]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2007-4-9 9728]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2007-12-28 391680]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-1-5 9968]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-1-5 74480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HpGmb001;USB Mobile Packet Filter Driver;C:\Windows\System32\drivers\HpGmb001.sys [2010-4-11 14336]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PSSDK42;PSSDK42;C:\Windows\System32\drivers\pssdk42.sys [2010-2-7 53312]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-1-5 7408]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-1-30 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-1-30 1150936]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-23 89920]
S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2008-2-20 248320]
S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2008-2-20 237568]
=============== File Associations ===============
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
=============== Created Last 30 ================
2011-02-17 01:50:21 -------- d-----w- C:\Users\Devorah\AppData\Roaming\ProgSense
2011-02-17 01:50:17 -------- d-----w- C:\Users\Devorah\AppData\Roaming\GrabPro
2011-02-17 01:50:17 -------- d-----w- C:\downloads
2011-02-09 12:49:33 2048 ----a-w- C:\Windows\SysWow64\winrsmgr.dll
2011-02-09 12:49:33 2048 ----a-w- C:\Windows\System32\winrsmgr.dll
2011-02-09 12:49:30 13312 ----a-w- C:\Windows\System32\wsmplpxy.dll
2011-02-09 12:49:30 13312 ----a-w- C:\Windows\System32\winrssrv.dll
2011-02-09 12:49:20 10240 ----a-w- C:\Windows\SysWow64\wsmplpxy.dll
2011-02-09 12:49:19 10240 ----a-w- C:\Windows\SysWow64\winrssrv.dll
2011-02-09 12:08:59 625152 ----a-w- C:\Windows\System32\dxgi.dll
2011-02-08 18:40:47 -------- d-----w- C:\Users\Devorah\AppData\Roaming\SanDisk
2011-02-07 22:09:53 -------- d-----w- C:\Program Files (x86)\ESET
2011-02-07 18:46:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-07 18:46:57 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-07 17 05 -------- d-----w- C:\Users\Devorah\AppData\Local\temp
2011-02-07 17:12:21 -------- d-----w- C:\$RECYCLE.BIN
2011-02-07 17:08:29 1515496 ----a-w- C:\Windows\SysWow64\drivers\ntfs.sys
==================== Find3M ====================
2011-01-21 18:30:06 311296 ----a-w- C:\Windows\SysWow64\EMRegSys.dll
2011-01-20 16:46:10 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-20 16:17:15 366592 ----a-w- C:\Windows\System32\winspool.drv
2011-01-20 16:16:53 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2011-01-20 16:16:52 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-01-20 16:16:52 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-01-20 16:16:52 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2011-01-20 16:16:47 748544 ----a-w- C:\Windows\System32\stobject.dll
2011-01-20 16:16:40 47104 ----a-w- C:\Windows\System32\cdd.dll
2011-01-20 16:16:10 3548672 ----a-w- C:\Windows\System32\mf.dll
2011-01-20 16:16:08 35840 ----a-w- C:\Windows\System32\printfilterpipelineprxy.dll
2011-01-20 16:14:49 278528 ----a-w- C:\Windows\System32\mfplat.dll
2011-01-20 16:14:49 195072 ----a-w- C:\Windows\System32\mfps.dll
2011-01-20 16:08:16 478720 ----a-w- C:\Windows\SysWow64\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2011-01-20 16:07:42 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- C:\Windows\SysWow64\mf.dll
2011-01-20 16:04:54 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- C:\Windows\SysWow64\mfplat.dll
2011-01-20 15:01:50 3068416 ----a-w- C:\Windows\System32\xpsservices.dll
2011-01-20 15:01:09 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-20 14:59:59 1032192 ----a-w- C:\Windows\System32\printfilterpipelinesvc.exe
2011-01-20 14:58:38 1461760 ----a-w- C:\Windows\System32\OpcServices.dll
2011-01-20 14:57:44 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-20 14:57:28 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
2011-01-20 14:42:00 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
2011-01-20 14:41:29 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
2011-01-20 14:40:17 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
2011-01-20 14:40:14 34304 ----a-w- C:\Windows\System32\mfpmp.exe
2011-01-20 14:40:11 377344 ----a-w- C:\Windows\System32\mfmp4src.dll
2011-01-20 14:37:06 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-01-20 14:35:30 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2011-01-20 14:28:38 1554432 ----a-w- C:\Windows\SysWow64\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-20 14:25:25 847360 ----a-w- C:\Windows\SysWow64\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2011-01-20 14:06:15 834048 ----a-w- C:\Windows\System32\d2d1.dll
2011-01-20 14:02:46 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-01-20 14:02:44 1147904 ----a-w- C:\Windows\System32\FntCache.dll
2011-01-20 13:47:51 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-01-08 09:03:01 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-08 08:47:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-08 06:45:51 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-08 06:28:49 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-12-31 14:16:41 2757632 ----a-w- C:\Windows\System32\win32k.sys
2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll
2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-18 06:55:17 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-12-18 06:50:55 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:50:36 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-12-18 06:50:16 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-12-18 06:50:16 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-12-18 06:27:04 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-12-18 05:57:45 479232 ----a-w- C:\Windows\System32\html.iec
2010-12-18 05:25:26 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 05:16:59 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-12-18 05:15:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 04:48:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-14 16:15:49 1251840 ----a-w- C:\Windows\System32\sdclt.exe
2010-12-11 00:29:30 64864 ----a-w- C:\Windows\SysWow64\sqlctr90.dll
2010-12-11 00:29:30 2248032 ----a-w- C:\Windows\SysWow64\sqlncli.dll
2010-12-10 23:34:52 2882400 ----a-w- C:\Windows\System32\sqlncli.dll
============= FINISH: 9 25.95 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/27/2008 11 29 PM
System Uptime: 3/2/2011 7:13:26 AM (2 hours ago)
Motherboard: TOSHIBA | | Satellite P305
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/166mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 185 GiB total, 98.006 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 186.272 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP941: 2/26/2011 7:07:09 AM - Scheduled Checkpoint
RP942: 2/27/2011 7:01:56 AM - Scheduled Checkpoint
RP943: 2/28/2011 5:38:54 AM - Scheduled Checkpoint
RP944: 3/1/2011 5:34:14 AM - Scheduled Checkpoint
RP945: 3/1/2011 1:58:12 PM - Windows Update
==== Installed Programs ======================
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Advanced SystemCare 3
Ahnenblatt 2.61
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Amazon MP3 Downloader 1.0.10
Aneesoft 3D Flash Gallery GOTD
Apple Application Support
Apple Software Update
Artensoft Photo Mosaic Wizard
Ashampoo Burning Studio 2010 Advanced
Ashampoo Photo Commander 7.60
Avira AntiVir Personal - Free Antivirus
AWicons Pro
bookTome
BufferChm
BurnPro Version 5.1.1
Calme 2010.0
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CCleaner
CD/DVD Drive Acoustic Silencer
Chromagic 1.0
CodedColor PhotoStudio 2010, 6.1.2
CollageIt 1.1.5
ColorPic
Compatibility Pack for the 2007 Office system
Copy
Corner-A ArtStudio
Cover Commander 3.1.3 by Insofta Development
CustomerResearchQFolder
CyberLink PowerCinema for TOSHIBA
D3DX10
Destinations
Device Doctor 1.0.0.1
DeviceManagementQFolder
DigitImg
DocProc
DocProcQFolder
DVD MovieFactory for TOSHIBA
DVDFab 8.0.7.2 (26/01/2011)
EarthSoft Audio Jukebox 1.0.0
Easy Flyer Creator 2.0
Easy Photo Sorter version 2.6
Easy Thumbnails (Remove only)
Efficient Diary 1.75
ESET Online Scanner v3
eSupportQFolder
ExeIcon.com 3D Box Maker (remove only)
Express Burn
Express Rip
Expression Extras SEO Tools for Expression Web 3
Expression Extras SEO Tools for xWeb 2
Fax
FileZilla Client 3.3.2.1
Flash Slideshow Maker Pro 5.00
Flexible Album Studio v0.96 beta 1
FM Tuner Utility
GIMP 2.6.8
Good Keywords v3 042209
Google Chrome
GPL Ghostscript 8.70
Greeting Card Builder Full
Hijackthis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Memories Disc
HP Photosmart Essential
HP Software Update
HP Update
HP Wireless Comfort Mobile Mouse
HPProductAssistant
HPSSupply
Inpaint 3.0
InstantMask 1.4
IObitCom Toolbar
iSEEK AnswerWorks English Runtime
iVocalize Web Conference 4
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
Karen's Directory Printer
Malwarebytes' Anti-Malware
MarketResearch
McGill English Dictionary of Rhyme & Verse Perfect 2.0
mediAvatar YouTube Video Converter
Microsoft Application Error Reporting
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Expression Web 3
Microsoft Expression Web 3 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access 2003 Runtime
Microsoft Office Accounting 2009
Microsoft Office Accounting 2009 Equifax Addin
Microsoft Office Accounting 2009 Fixed Asset Manager
Microsoft Office Accounting 2009 PayPal Addin
Microsoft Office Accounting 2009 Tax Integration Add-in
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XML Parser
Mobile Broadband Manager
Mozilla Firefox (3.0.8)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyHeritage Family Tree Builder
Napster
Napster Burn Engine
Ncesoft Flip Book Maker 2.3.1
NCH Toolbox
NetWaiting
Notepad++
Nuclear Coffee - DiscRipper
One-click CD/DVD Copy
OpenOffice.org 3.1
Panda ActiveScan 2.0
Photosmart 140,240,7200,7600,7700,7900 Series
PhotoWipe 1.0
Picture Collage Maker Pro 2.2.8
Picture Collage Maker Pro Full
PictureFrame Wizard v1.0
PitchPerfect Musical Instrument Tuner
Pixpedia Publisher 3.0.8
Prism Video Converter
Process Lasso
PSShortcuts
PSUsage
QuickBooks Financial Center
QuickTime
Qumana
RAD Video Tools
RealPlayer
Revo Uninstaller 1.91
RocketDock 1.3.5
Safari
Sansa Updater
Scan
Scribus 1.3.6svn
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Serif PagePlus SE 1.0
SimplyGoodPictures
Site Content Analyzer 3.2
SiteSpinner Pro V2
Skins
SolutionCenter
Sothink DHTML Menu 9
Spawn for Expression Web 3
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spyware Doctor 8.0
SpywareBlaster 4.3
SRWare Iron 2.0.178.0
Status
SUPERAntiSpyware Free Edition
Synovel Spicebird (0.7.1)
taskTome
Toolbox
Toshiba Assist
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Games
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmoiper
TurboTax 2009 wrapper
UnloadSupport
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Vectorian Giotto 2.3.1
VideoPad Video Editor
Visual C++ 8.0 Runtime Setup Package (x64)
VZAccess Manager
WavePad Sound Editor
Web Album Generator 1.8.2
Web Site Publisher 2.1.1
WebDwarf V2
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Wondershare DemoCreator (Build 3.0.6)
Wondershare Flash Gallery Factory Standard 4.8.0.1
==== Event Viewer Messages From Past Week ========
3/2/2011 7:15:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep SASDIFSV SASKUTIL
3/2/2011 7:13:50 AM, Error: volmgr [46] - Crash dump initialization failed!
3/2/2011 7:13:48 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/2/2011 7:13:48 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/25/2011 9:54:04 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
==== End Of File ===========================
Looks good, so far
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop. Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com ) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode .
In case #2, please post BOTH logs, rKill and Combofix . DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
ComboFix 11-03-02.01 - Devorah 03/02/2011 19:00:04.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2312 [GMT -6:00]
Running from: c:\users\Devorah\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Devorah\AppData\Local\temp\ppcrlui_1232_2
.
((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
.
2011-03-03 01:10 . 2011-03-03 01:13 -------- d-----w- c:\users\Devorah\AppData\Local\temp
2011-03-03 01:10 . 2011-03-03 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-03 00:57 . 2011-03-03 00:57 -------- d-----w- C:\32788R22FWJFW
2011-02-17 01:50 . 2011-02-17 01:50 -------- d-----w- c:\users\Devorah\AppData\Roaming\ProgSense
2011-02-17 01:50 . 2011-02-17 01:50 -------- d-----w- c:\users\Devorah\AppData\Roaming\GrabPro
2011-02-17 01:50 . 2011-02-17 01:50 -------- d-----w- C:\downloads
2011-02-17 01:50 . 2011-02-17 01:54 -------- d-----w- c:\users\Devorah\AppData\Roaming\Orbit
2011-02-09 12:49 . 2009-10-09 21:56 2048 ----a-w- c:\windows\SysWow64\winrsmgr.dll
2011-02-09 12:49 . 2009-10-09 21:35 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-09 12:49 . 2009-10-09 21:35 13312 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-09 12:49 . 2009-10-09 21:34 13312 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-09 12:49 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\wsmplpxy.dll
2011-02-09 12:49 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\winrssrv.dll
2011-02-09 12:08 . 2011-01-20 16:17 625152 ----a-w- c:\windows\system32\dxgi.dll
2011-02-08 18:40 . 2011-02-08 18:40 -------- d-----w- c:\users\Devorah\AppData\Roaming\SanDisk
2011-02-08 01:54 . 2011-02-08 01:54 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-02-07 22:09 . 2011-02-07 22:09 -------- d-----w- c:\program files (x86)\ESET
2011-02-07 18:46 . 2010-11-13 00:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-07 18:46 . 2010-11-13 00:53 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-07 17:08 . 2009-04-11 07:15 1515496 ----a-w- c:\windows\SysWow64\drivers\ntfs.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 18:30 . 2011-01-21 18:30 311296 ----a-w- c:\windows\SysWow64\EMRegSys.dll
2010-12-28 16:08 . 2011-01-12 13:07 466944 ----a-w- c:\windows\system32\odbc32.dll
2010-12-28 15:55 . 2011-01-12 13:07 413696 ----a-w- c:\windows\SysWow64\odbc32.dll
2010-12-22 22:18 . 2010-12-22 22:18 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-21 00:09 . 2010-01-13 11:20 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-01-13 11:20 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 16:15 . 2011-01-12 13:07 1251840 ----a-w- c:\windows\system32\sdclt.exe
2010-12-11 00:29 . 2010-12-11 00:29 64864 ----a-w- c:\windows\SysWow64\sqlctr90.dll
2010-12-11 00:29 . 2010-12-11 00:29 2248032 ----a-w- c:\windows\SysWow64\sqlncli.dll
2010-12-10 23:34 . 2010-12-10 23:34 2882400 ----a-w- c:\windows\system32\sqlncli.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files (x86)\IObitCom\tbIObi.dll" [2009-10-01 2166296]
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2009-10-01 23:29 2166296 ----a-w- c:\program files (x86)\IObitCom\tbIObi.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SansaDispatch"="c:\users\Devorah\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-02-08 79872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HpGmb001;USB Mobile Packet Filter Driver;c:\windows\system32\DRIVERS\HpGmb001.SYS [2009-05-26 14336]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-02-07 53312]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 KR10I64;KR10I64;c:\windows\system32\drivers\kr10i64.sys [2006-11-09 248320]
R4 KR10N64;KR10N64;c:\windows\system32\drivers\kr10n64.sys [2006-11-09 237568]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2008-06-19 33792]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-11-25 257232]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2010-07-16 816016]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2008-01-21 531968]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-06 135336]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-02-17 20376]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 175104]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART64.sys [2008-02-01 222720]
S3 NETw4v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw4v64.sys [2007-09-26 3196416]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [2008-01-15 58328]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [2008-01-09 51544]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2009-08-12 70672]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2009-08-12 173456]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2009-08-12 173456]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDUWFLT.sys [2009-08-12 12688]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2009-08-12 141840]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-10 9728]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [2007-12-28 391680]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2011-03-03 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2009-07-04 22:19]
2011-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4275440598-3698797053-1848500140-1000Core.job
- c:\users\Devorah\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-04 01:51]
2011-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4275440598-3698797053-1848500140-1000UA.job
- c:\users\Devorah\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-04 01:51]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-30 1216808]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.toshibadirect.com/dpdstart
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with mediAvatar YouTube Video Converter - c:\program files (x86)\mediAvatar\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Devorah\AppData\Roaming\Mozilla\Firefox\Profiles\1nrbjd4v.default\
FF - prefs.js : browser.search.selectedEngine - AVG Secure Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Hebrew Calendar: {C4A22BA1-6D61-45F1-82A9-140FD33F1110} - %profile%\extensions\{C4A22BA1-6D61-45F1-82A9-140FD33F1110}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Expression Web Toolbar: {29956a1f-dda2-4319-a8cc-30966adea17a} - %profile%\extensions\{29956a1f-dda2-4319-a8cc-30966adea17a}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Omnibar: omnibar@ajitk.com - %profile%\extensions\omnibar@ajitk.com
FF - Ext: SEO Doctor: seodoctor@prelovac.com - %profile%\extensions\seodoctor@prelovac.com
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Html Validator: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} - %profile%\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
FF - Ext: YSlow: yslow@yahoo-inc.com - %profile%\extensions\yslow@yahoo-inc.com
FF - Ext: WCAG Contrast checker: colorchecker@colorcheckerniquelao.net - %profile%\extensions\colorchecker@colorcheckerniquelao.net
FF - Ext: View Source Chart: {68836a21-fc7d-4ea1-a065-7efabd99d414} - %profile%\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{31C7D459-9CC3-44F2-9DCA-FC11795309B4} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-03-02 19:20:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-03 01:20
Pre-Run: 102,763,765,760 bytes free
Post-Run: 102,708,432,896 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 757C0C8B8A4418C106E8C6885395E3B6
Looks clean.
Any current issues?
Download OTL to your Desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. Click the Scan All Users checkbox. Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
I've been trying to paste and submit the OTL.Txt and Extras.Txt but I keep getting an error each time I try to submit my reply whether I paste the logs in separate replies or together in the same reply. Should I attach the logs instead?
After I click "submit reply" it takes a few minutes and then goes to a blank page with the below error:
Fatal error: Maximum execution time of 30 seconds exceeded in /home/7068/daldafor/www.d-a-l.com/public_html/help/includes/functions.php on line 1926
Please attach those logs.
It won't let me attach the OTL.Txt file, saying it is too large but it let me attach the Extras.Txt.
What should I do in order for you to see the OTL.Txt log? I tried pasting again and it still gives the same error.