Broadband Tech > Security > Security Cleanup > [Virus] Google Redirect Virus (and who knows what else!)

[Virus] Google Redirect Virus (and who knows what else!)

Hi, mathaggie98

Thanks for the MBAM log.. there are still a few more we'll need to see.

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Our FAQ will tell you what programs we need and how to attempt to get them to run .

It will also show what logs need to be attached to your post - as well as where to locate them

If you could also download and run TDSS Killer (#4), posting the log in your next reply

We'll need the entire log, even if you 'think/see' nothing detected..

»Security Cleanup FAQ »Rootkit Detection Applications

Copy/paste the following into your post (in order):

the contents of OTL.txt (Step 3)
the contents of Extras.txt (Step 3)
the contents of checkup.txt (Step 4)
the contents of the Online AntiVirus Scan log(Step 5)
the log from TDSS Killer

Post back when you're able to so we can get it reviewed for you

reply to mathaggie98
The complete original post exceeded the character limit, but I had to break it up. Here it is...thanks!

~~~~~~~~~~~~~~~~~~~~~~~
the contents of OTL.txt (Step 3)
~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 10/18/2011 12:27:52 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 67.40% Memory free
5.74 Gb Paging File | 4.70 Gb Available in Paging File | 81.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.42 Gb Total Space | 100.23 Gb Free Space | 44.86% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/10/18 00:24:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL2.exe
PRC - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/12 17:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/08/17 12:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/17 12:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/11 18:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/11 18:09:38 | 001,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/08/11 13:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/08/10 21:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/06 19:05:18 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/08/06 19:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/08/05 16:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 16:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/05 16:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/03 20:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 20:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 16:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 17:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/10/13 20:50:00 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cabd75d4716ede2fed948cbff94dcc38\System.ServiceProcess.ni.dll
MOD - [2011/10/13 20:49:56 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/13 20:49:00 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/13 20:48:51 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/13 20:48:43 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/13 20:48:22 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/13 20:47:53 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/04/12 17:46:46 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/04/12 17:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/20 14:23:54 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/10/27 17:52:54 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/08/03 20:17:24 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/07/29 17:35:38 | 000,014,648 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2009/07/25 13:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/07/16 17:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/16 17:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/06/22 17:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/03/12 21:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/10 09:08:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/03 20:12:23 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/08/17 12:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/11 18:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/10 21:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/06 19:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/08/05 16:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 20:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/10/11 10:53:58 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys -- (ccHP)
DRV - [2011/09/21 19:35:58 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/26 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/10 03:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100528.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 03:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100528.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/04/29 09:36:32 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/01/20 16:18:24 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/10/28 17:37:24 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100520.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/10/27 18:20:41 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\NIS\1008030.006\SYMEFA.SYS -- (SymEFA)
DRV - [2009/10/27 18:20:41 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS -- (SRTSP)
DRV - [2009/10/27 18:20:41 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/10/27 18:20:41 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/08/28 00:19:22 | 000,859,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/07/30 19:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/24 17:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 17:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/07 10:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/22 19:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/19 21:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.google.com/ig/redirectdomain···mod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.com/ig/redirectdomain···mod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.google.com/ig/redirectdomain···mod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »my.netzero.net/start/sp.do
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F6 54 5B EF 0E 30 C6 41 9E 36 66 09 4B 73 82 A5 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\user\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/12 15:38:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\user\AppData\Roaming\Move Networks [2010/04/26 23:20:46 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [AppleManagerPolicy] rundll32.exe "C:\ProgramData\AppleManagerPolicy.dll",DllRegisterServer File not found
O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - HKCU..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB03977E-1849-47E3-A11F-DD6AF00DD0EF}: DhcpNameServer = 68.238.96.12 68.238.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B297B4D0-0C03-405B-A34C-C2C0AA809EBA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/10/18 00:24:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL2.exe
[2011/10/17 21:41:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2011/10/17 21:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/17 21:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/17 21:41:29 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/10/17 21:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/17 21:40:38 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/17 21:29:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\tfc.exe
[2011/10/12 13:11:22 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisdecd.dll
[2011/10/12 13:11:22 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisrndr.ax
[2011/10/12 13:11:21 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2011/10/12 13:11:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mpeg2Data.ax
[2011/10/12 13:11:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSDvbNP.ax
[2011/10/12 13:11:17 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011/10/12 13:11:02 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/10/12 13:11:02 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/10/12 13:11:02 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/10/12 13:11:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/10/12 13:11:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/10/12 13:11:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/10/12 13:11:01 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/10/12 13:11:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/10/12 13:11:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/10/12 13:11:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/10/12 13:11:00 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/10/12 13:11:00 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/10/06 14:24:00 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\tanners halloween birthday 9_PWfiles
[2011/10/05 15:13:18 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\coyotecaringletter_PWfiles
[2011/10/01 01:17:06 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/09/19 12:12:51 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\library card #

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/10/18 00:28:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/18 00:24:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL2.exe
[2011/10/18 00:23:43 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/18 00:23:43 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/18 00:21:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3314184215-1613707229-9821939-1001UA.job
[2011/10/18 00:16:10 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/18 00:15:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/18 00:15:50 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/17 21:41:00 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/17 21:29:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\tfc.exe
[2011/10/17 15:21:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3314184215-1613707229-9821939-1001Core.job
[2011/10/14 14:42:14 | 001,453,394 | ---- | M] () -- C:\windows\System32\drivers\NIS\1008030.006\Cat.DB
[2011/10/13 20:45:43 | 000,404,384 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/10/13 11:05:58 | 000,000,127 | ---- | M] () -- C:\windows\System32\MRT.INI
[2011/10/13 11:01:25 | 000,632,946 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/10/13 11:01:25 | 000,110,548 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/10/12 15:36:35 | 000,002,425 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/10/11 10:53:58 | 000,467,592 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1008030.006\cchpx86.sys
[2011/10/11 10:53:57 | 000,000,172 | ---- | M] () -- C:\windows\System32\drivers\NIS\1008030.006\isolate.ini
[2011/10/05 15:01:45 | 000,001,827 | ---- | M] () -- C:\Users\user\Documents\coyotecharactercaring - Shortcut.lnk
[2011/10/05 15:01:45 | 000,001,827 | ---- | M] () -- C:\Users\user\Desktop\coyotecharactercaring - Shortcut.lnk
[2011/10/01 01:17:06 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/09/30 21:59:14 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/09/21 19:35:58 | 000,217,464 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1008030.006\symtdi.sys
[2011/09/21 19:35:58 | 000,089,976 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1008030.006\symfw.sys
[2011/09/21 19:35:58 | 000,048,760 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1008030.006\symndisv.sys
[2011/09/21 19:35:58 | 000,036,472 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1008030.006\symndis.sys
[2011/09/21 19:35:58 | 000,033,144 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1008030.006\symids.sys
[2011/09/21 19:35:49 | 000,001,752 | ---- | M] () -- C:\windows\System32\drivers\NIS\1008030.006\ccHPx86.inf
[2011/09/21 19:35:49 | 000,001,560 | ---- | M] () -- C:\windows\System32\drivers\NIS\1008030.006\SymNet.inf
[2011/09/21 19:35:43 | 000,007,450 | ---- | M] () -- C:\windows\System32\drivers\NIS\1008030.006\ccHPx86.cat

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/10/13 11:05:58 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2011/10/05 15:02:33 | 000,001,827 | ---- | C] () -- C:\Users\user\Documents\coyotecharactercaring - Shortcut.lnk
[2011/10/05 15:01:14 | 000,001,827 | ---- | C] () -- C:\Users\user\Desktop\coyotecharactercaring - Shortcut.lnk
[2011/02/06 14:12:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/07 10:58:54 | 000,000,069 | ---- | C] () -- C:\windows\cglp.ini
[2010/02/04 14:51:50 | 000,000,064 | ---- | C] () -- C:\windows\PrintWorkShop2004LE.ini
[2010/01/08 00:54:03 | 000,000,128 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2010/01/02 12:02:00 | 000,001,056 | ---- | C] () -- C:\windows\KASYS_S.DAT
[2009/12/16 19:02:21 | 000,000,279 | ---- | C] () -- C:\windows\KA.INI
[2009/11/17 22:53:07 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2009/10/27 18:34:10 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/10/27 18:13:17 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2009/10/27 18:13:17 | 000,000,176 | ---- | C] () -- C:\windows\System32\drivers\RTHDAEQ0.dat
[2009/10/27 18:12:31 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/09/03 19:57:33 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/09/03 19:57:33 | 000,000,000 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/08/27 09:57:38 | 000,982,220 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/08/27 09:57:38 | 000,439,300 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/08/27 09:57:38 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/08/27 09:57:38 | 000,092,216 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 23:33:53 | 000,404,384 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,632,946 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,110,548 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

[color=#E56717]========== LOP Check ==========[/color]

[2010/01/21 21:30:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2010/03/20 14:26:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2010/01/08 00:54:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2010/06/12 19:43:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TOSHIBA
[2009/11/17 22:52:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinBatch
[2010/12/07 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2011/04/27 07:07:53 | 000,032,572 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

~~~~~~~~~~~~~~~~~~~~~~~
the contents of Extras.txt (Step 3)
~~~~~~~~~~~~~~~~~~~~~~~

OTL Extras logfile created on: 10/18/2011 12:27:52 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 67.40% Memory free
5.74 Gb Paging File | 4.70 Gb Available in Paging File | 81.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.42 Gb Total Space | 100.23 Gb Free Space | 44.86% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BFDA0F4-BE7A-42f9-9EB2-2488C877AF33}" = eMedia My Violin
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{60C3EE8A-5E27-4CBA-8BA6-C27E6E3C5087}" = ClickArt 250,000
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{952682F8-F40D-11D7-AD8E-0050DA87D0EB}" = Print Workshop 2004 LE
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = My Guitar
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CGlpV10" = Curious George Learns Phonics
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KG_2.4b" = JumpStart Kindergarten v2.4b
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MyCamera" = Canon Utilities MyCamera
"NIS" = Norton Internet Security
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/18/2011 1:10:47 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/18/2011 1:10:47 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5085

Error - 10/18/2011 1:10:47 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5085

Error - 10/18/2011 1:10:48 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/18/2011 1:10:48 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6099

Error - 10/18/2011 1:10:48 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6099

Error - 10/18/2011 1:10:50 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/18/2011 1:10:50 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7207

Error - 10/18/2011 1:10:50 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7207

Error - 10/18/2011 1:27:31 AM | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1540 Start Time:
01cc8d5654935150 Termination Time: 16 Application Path: C:\Users\user\Desktop\OTL.exe

Report
Id: c84a99ea-f949-11e0-b901-001e33ff49a0

[ Media Center Events ]
Error - 5/11/2011 12:04:02 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 11:03:53 AM - Error connecting to the internet. 11:03:53 AM - Unable
to contact server..

[ OSession Events ]
Error - 6/21/2010 10:19:15 PM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 54
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/1/2010 1:08:23 AM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1224
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/27/2010 5:22:27 PM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 200555
seconds with 240 seconds of active time. This session ended with a crash.

Error - 12/2/2010 3:48:06 AM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 43
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/2/2010 3:54:31 AM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 44
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/2/2010 3:57:48 AM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 175
seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/25/2011 1:49:27 PM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 111
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/9/2011 1:41:02 AM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 146
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/30/2011 12:18:41 AM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 55
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/30/2011 12:20:53 AM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 93
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/30/2010 11:27:07 PM | Computer Name = user-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 12/3/2010 12:08:46 AM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 12/4/2010 6:07:16 PM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 12/6/2010 3:41:24 PM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 12/10/2010 11:49:48 PM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 12/11/2010 4:07:05 PM | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:50:25 PM on ?12/?11/?2010 was unexpected.

Error - 12/11/2010 4:30:52 PM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 12/14/2010 11:50:06 PM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 12/16/2010 10:58:21 PM | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:31:16 PM on ?12/?16/?2010 was unexpected.

Error - 12/17/2010 9:49:48 AM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

~~~~~~~~~~~~~~~~~~~~~~~
the contents of checkup.txt (Step 4)
~~~~~~~~~~~~~~~~~~~~~~~

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]
Windows Firewall Enabled!
Norton Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]
Malwarebytes' Anti-Malware
Java(TM) 6 Update 18
[color=red]Out of date Java installed![/color]
Adobe Flash Player
Adobe Reader 9.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

~~~~~~~~~~~~~~~~~~~~~~~
the contents of the Online AntiVirus Scan log(Step 5)
~~~~~~~~~~~~~~~~~~~~~~~

C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Default\pbcnmgkecgjnagnpmgggnilcdbcihked\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Windows\System32\f3PSSavr.scr Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Windows\System32\sysprep\cryptbase.dll a variant of Win32/Kryptik.TXQ trojan cleaned by deleting - quarantined

reply to mathaggie98
Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

reply to mathaggie98
No threats were found:

22:17:19.0533 1064 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
22:17:21.0561 1064 ============================================================
22:17:21.0561 1064 Current date / time: 2011/10/19 22:17:21.0561
22:17:21.0561 1064 SystemInfo:
22:17:21.0561 1064
22:17:21.0561 1064 OS Version: 6.1.7600 ServicePack: 0.0
22:17:21.0561 1064 Product type: Workstation
22:17:21.0561 1064 ComputerName: USER-PC
22:17:21.0561 1064 UserName: user
22:17:21.0561 1064 Windows directory: C:\windows
22:17:21.0561 1064 System windows directory: C:\windows
22:17:21.0561 1064 Processor architecture: Intel x86
22:17:21.0561 1064 Number of processors: 2
22:17:21.0561 1064 Page size: 0x1000
22:17:21.0561 1064 Boot type: Normal boot
22:17:21.0561 1064 ============================================================
22:17:22.0076 1064 Initialize success
22:17:25.0414 2708 ============================================================
22:17:25.0414 2708 Scan started
22:17:25.0414 2708 Mode: Manual;
22:17:25.0414 2708 ============================================================
22:17:28.0347 2708 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
22:17:28.0363 2708 1394ohci - ok
22:17:28.0378 2708 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
22:17:28.0378 2708 ACPI - ok
22:17:28.0519 2708 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
22:17:28.0519 2708 AcpiPmi - ok
22:17:28.0690 2708 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
22:17:28.0690 2708 adp94xx - ok
22:17:28.0815 2708 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
22:17:28.0831 2708 adpahci - ok
22:17:28.0877 2708 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
22:17:28.0877 2708 adpu320 - ok
22:17:29.0033 2708 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
22:17:29.0033 2708 AFD - ok
22:17:29.0127 2708 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\windows\system32\DRIVERS\AGRSM.sys
22:17:29.0143 2708 AgereSoftModem - ok
22:17:29.0236 2708 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
22:17:29.0252 2708 agp440 - ok
22:17:29.0283 2708 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
22:17:29.0283 2708 aic78xx - ok
22:17:29.0423 2708 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
22:17:29.0423 2708 aliide - ok
22:17:29.0439 2708 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
22:17:29.0439 2708 amdagp - ok
22:17:29.0501 2708 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
22:17:29.0501 2708 amdide - ok
22:17:29.0611 2708 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
22:17:29.0626 2708 AmdK8 - ok
22:17:29.0657 2708 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
22:17:29.0657 2708 AmdPPM - ok
22:17:29.0751 2708 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
22:17:29.0751 2708 amdsata - ok
22:17:29.0860 2708 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
22:17:29.0860 2708 amdsbs - ok
22:17:29.0923 2708 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
22:17:29.0923 2708 amdxata - ok
22:17:30.0032 2708 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
22:17:30.0032 2708 AppID - ok
22:17:30.0172 2708 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
22:17:30.0172 2708 arc - ok
22:17:30.0188 2708 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
22:17:30.0188 2708 arcsas - ok
22:17:30.0328 2708 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
22:17:30.0328 2708 AsyncMac - ok
22:17:30.0359 2708 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
22:17:30.0359 2708 atapi - ok
22:17:30.0578 2708 atikmdag (712d8a95e45b070114c5309ada7358ff) C:\windows\system32\DRIVERS\atikmdag.sys
22:17:30.0843 2708 atikmdag - ok
22:17:30.0983 2708 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
22:17:30.0983 2708 b06bdrv - ok
22:17:31.0108 2708 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
22:17:31.0108 2708 b57nd60x - ok
22:17:31.0155 2708 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
22:17:31.0155 2708 Beep - ok
22:17:31.0373 2708 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys
22:17:31.0389 2708 BHDrvx86 - ok
22:17:31.0405 2708 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
22:17:31.0405 2708 blbdrive - ok
22:17:31.0561 2708 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
22:17:31.0561 2708 bowser - ok
22:17:31.0592 2708 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
22:17:31.0592 2708 BrFiltLo - ok
22:17:31.0592 2708 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
22:17:31.0607 2708 BrFiltUp - ok
22:17:31.0639 2708 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
22:17:31.0639 2708 Brserid - ok
22:17:31.0748 2708 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
22:17:31.0748 2708 BrSerWdm - ok
22:17:31.0748 2708 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
22:17:31.0763 2708 BrUsbMdm - ok
22:17:31.0763 2708 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
22:17:31.0763 2708 BrUsbSer - ok
22:17:31.0779 2708 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
22:17:31.0779 2708 BTHMODEM - ok
22:17:31.0951 2708 ccHP (3182b846490dc4d71fabd4a8cb6b73ea) C:\windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys
22:17:31.0951 2708 ccHP - ok
22:17:32.0060 2708 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
22:17:32.0060 2708 cdfs - ok
22:17:32.0091 2708 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
22:17:32.0107 2708 cdrom - ok
22:17:32.0216 2708 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
22:17:32.0216 2708 circlass - ok
22:17:32.0263 2708 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
22:17:32.0263 2708 CLFS - ok
22:17:32.0387 2708 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
22:17:32.0387 2708 CmBatt - ok
22:17:32.0403 2708 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
22:17:32.0403 2708 cmdide - ok
22:17:32.0434 2708 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
22:17:32.0434 2708 CNG - ok
22:17:32.0465 2708 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
22:17:32.0465 2708 Compbatt - ok
22:17:32.0528 2708 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
22:17:32.0543 2708 CompositeBus - ok
22:17:32.0590 2708 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
22:17:32.0590 2708 crcdisk - ok
22:17:32.0746 2708 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
22:17:32.0746 2708 DfsC - ok
22:17:32.0777 2708 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
22:17:32.0777 2708 discache - ok
22:17:32.0887 2708 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
22:17:32.0887 2708 Disk - ok
22:17:32.0933 2708 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
22:17:32.0949 2708 drmkaud - ok
22:17:33.0011 2708 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
22:17:33.0027 2708 DXGKrnl - ok
22:17:33.0199 2708 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
22:17:33.0277 2708 ebdrv - ok
22:17:33.0417 2708 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:17:33.0417 2708 eeCtrl - ok
22:17:33.0542 2708 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
22:17:33.0557 2708 elxstor - ok
22:17:33.0573 2708 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
22:17:33.0573 2708 ErrDev - ok
22:17:33.0682 2708 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
22:17:33.0698 2708 exfat - ok
22:17:33.0713 2708 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
22:17:33.0729 2708 fastfat - ok
22:17:33.0760 2708 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
22:17:33.0760 2708 fdc - ok
22:17:33.0854 2708 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
22:17:33.0854 2708 FileInfo - ok
22:17:33.0869 2708 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
22:17:33.0869 2708 Filetrace - ok
22:17:33.0901 2708 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
22:17:33.0901 2708 flpydisk - ok
22:17:33.0994 2708 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
22:17:34.0010 2708 FltMgr - ok
22:17:34.0041 2708 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
22:17:34.0041 2708 FsDepends - ok
22:17:34.0057 2708 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
22:17:34.0057 2708 Fs_Rec - ok
22:17:34.0181 2708 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
22:17:34.0197 2708 fvevol - ok
22:17:34.0228 2708 FwLnk (0f76e205bdc60364f08a5949082771ca) C:\windows\system32\DRIVERS\FwLnk.sys
22:17:34.0228 2708 FwLnk - ok
22:17:34.0322 2708 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
22:17:34.0322 2708 gagp30kx - ok
22:17:34.0478 2708 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
22:17:34.0493 2708 GEARAspiWDM - ok
22:17:34.0649 2708 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
22:17:34.0649 2708 hcw85cir - ok
22:17:34.0681 2708 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
22:17:34.0696 2708 HdAudAddService - ok
22:17:34.0790 2708 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
22:17:34.0790 2708 HDAudBus - ok
22:17:34.0821 2708 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
22:17:34.0821 2708 HidBatt - ok
22:17:34.0837 2708 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
22:17:34.0837 2708 HidBth - ok
22:17:34.0930 2708 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
22:17:34.0946 2708 HidIr - ok
22:17:34.0977 2708 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
22:17:34.0977 2708 HidUsb - ok
22:17:35.0102 2708 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
22:17:35.0102 2708 HpSAMD - ok
22:17:35.0149 2708 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
22:17:35.0149 2708 HTTP - ok
22:17:35.0227 2708 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
22:17:35.0227 2708 hwpolicy - ok
22:17:35.0258 2708 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
22:17:35.0258 2708 i8042prt - ok
22:17:35.0367 2708 iaStor (01446278d4563b3013c92830ae6cbb26) C:\windows\system32\DRIVERS\iaStor.sys
22:17:35.0367 2708 iaStor - ok
22:17:35.0429 2708 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
22:17:35.0429 2708 iaStorV - ok
22:17:35.0648 2708 IDSVix86 (785b0ab77d977445d58b02ea63c11fb2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100520.001\IDSvix86.sys
22:17:35.0648 2708 IDSVix86 - ok
22:17:35.0866 2708 igfx (315aaaa2bc9bc778adc0454b3ca8dcce) C:\windows\system32\DRIVERS\igdkmd32.sys
22:17:35.0991 2708 igfx - ok
22:17:36.0085 2708 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
22:17:36.0085 2708 iirsp - ok
22:17:36.0225 2708 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys
22:17:36.0303 2708 IntcAzAudAddService - ok
22:17:36.0397 2708 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
22:17:36.0397 2708 intelide - ok
22:17:36.0428 2708 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
22:17:36.0428 2708 intelppm - ok
22:17:36.0443 2708 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:17:36.0443 2708 IpFilterDriver - ok
22:17:36.0537 2708 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
22:17:36.0537 2708 IPMIDRV - ok
22:17:36.0568 2708 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
22:17:36.0568 2708 IPNAT - ok
22:17:36.0693 2708 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
22:17:36.0693 2708 IRENUM - ok
22:17:36.0709 2708 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
22:17:36.0709 2708 isapnp - ok
22:17:36.0740 2708 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
22:17:36.0740 2708 iScsiPrt - ok
22:17:36.0849 2708 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
22:17:36.0849 2708 kbdclass - ok
22:17:36.0865 2708 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
22:17:36.0865 2708 kbdhid - ok
22:17:36.0896 2708 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
22:17:36.0896 2708 KSecDD - ok
22:17:36.0943 2708 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
22:17:36.0943 2708 KSecPkg - ok
22:17:37.0067 2708 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
22:17:37.0067 2708 lltdio - ok
22:17:37.0114 2708 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
22:17:37.0114 2708 LSI_FC - ok
22:17:37.0130 2708 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
22:17:37.0130 2708 LSI_SAS - ok
22:17:37.0145 2708 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
22:17:37.0161 2708 LSI_SAS2 - ok
22:17:37.0255 2708 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
22:17:37.0255 2708 LSI_SCSI - ok
22:17:37.0286 2708 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
22:17:37.0286 2708 luafv - ok
22:17:37.0426 2708 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\windows\system32\drivers\mbam.sys
22:17:37.0426 2708 MBAMProtector - ok
22:17:37.0520 2708 MBAMSwissArmy - ok
22:17:37.0551 2708 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
22:17:37.0567 2708 megasas - ok
22:17:37.0598 2708 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
22:17:37.0598 2708 MegaSR - ok
22:17:37.0691 2708 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
22:17:37.0691 2708 Modem - ok
22:17:37.0707 2708 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
22:17:37.0707 2708 monitor - ok
22:17:37.0738 2708 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
22:17:37.0738 2708 mouclass - ok
22:17:37.0847 2708 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
22:17:37.0863 2708 mouhid - ok
22:17:37.0894 2708 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
22:17:37.0894 2708 mountmgr - ok
22:17:37.0910 2708 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
22:17:37.0925 2708 mpio - ok
22:17:38.0003 2708 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
22:17:38.0003 2708 mpsdrv - ok
22:17:38.0035 2708 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
22:17:38.0035 2708 MRxDAV - ok
22:17:38.0113 2708 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
22:17:38.0113 2708 mrxsmb - ok
22:17:38.0253 2708 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:17:38.0253 2708 mrxsmb10 - ok
22:17:38.0315 2708 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:17:38.0315 2708 mrxsmb20 - ok
22:17:38.0362 2708 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
22:17:38.0362 2708 msahci - ok
22:17:38.0456 2708 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
22:17:38.0456 2708 msdsm - ok
22:17:38.0518 2708 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
22:17:38.0518 2708 Msfs - ok
22:17:38.0581 2708 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
22:17:38.0596 2708 mshidkmdf - ok
22:17:38.0643 2708 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
22:17:38.0643 2708 msisadrv - ok
22:17:38.0737 2708 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
22:17:38.0737 2708 MSKSSRV - ok
22:17:38.0830 2708 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
22:17:38.0830 2708 MSPCLOCK - ok
22:17:38.0830 2708 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
22:17:38.0830 2708 MSPQM - ok
22:17:38.0861 2708 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
22:17:38.0861 2708 MsRPC - ok
22:17:38.0924 2708 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
22:17:38.0924 2708 mssmbios - ok
22:17:39.0002 2708 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
22:17:39.0002 2708 MSTEE - ok
22:17:39.0033 2708 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
22:17:39.0033 2708 MTConfig - ok
22:17:39.0064 2708 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
22:17:39.0064 2708 Mup - ok
22:17:39.0127 2708 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
22:17:39.0127 2708 NativeWifiP - ok
22:17:39.0251 2708 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100528.002\NAVENG.SYS
22:17:39.0251 2708 NAVENG - ok
22:17:39.0329 2708 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100528.002\NAVEX15.SYS
22:17:39.0345 2708 NAVEX15 - ok
22:17:39.0470 2708 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
22:17:39.0485 2708 NDIS - ok
22:17:39.0595 2708 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
22:17:39.0595 2708 NdisCap - ok
22:17:39.0626 2708 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
22:17:39.0626 2708 NdisTapi - ok
22:17:39.0688 2708 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
22:17:39.0688 2708 Ndisuio - ok
22:17:39.0766 2708 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
22:17:39.0766 2708 NdisWan - ok
22:17:39.0797 2708 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
22:17:39.0797 2708 NDProxy - ok
22:17:39.0813 2708 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
22:17:39.0813 2708 NetBIOS - ok
22:17:39.0891 2708 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
22:17:39.0907 2708 NetBT - ok
22:17:39.0953 2708 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
22:17:39.0953 2708 nfrd960 - ok
22:17:40.0063 2708 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
22:17:40.0063 2708 Npfs - ok
22:17:40.0109 2708 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
22:17:40.0109 2708 nsiproxy - ok
22:17:40.0187 2708 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
22:17:40.0203 2708 Ntfs - ok
22:17:40.0281 2708 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
22:17:40.0297 2708 Null - ok
22:17:40.0375 2708 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
22:17:40.0375 2708 nvraid - ok
22:17:40.0499 2708 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
22:17:40.0499 2708 nvstor - ok
22:17:40.0531 2708 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
22:17:40.0546 2708 nv_agp - ok
22:17:40.0640 2708 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
22:17:40.0655 2708 ohci1394 - ok
22:17:40.0702 2708 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
22:17:40.0702 2708 Parport - ok
22:17:40.0718 2708 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
22:17:40.0718 2708 partmgr - ok
22:17:40.0811 2708 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
22:17:40.0811 2708 Parvdm - ok
22:17:40.0858 2708 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
22:17:40.0858 2708 pci - ok
22:17:40.0874 2708 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
22:17:40.0874 2708 pciide - ok
22:17:40.0921 2708 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
22:17:40.0921 2708 pcmcia - ok
22:17:40.0999 2708 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
22:17:41.0014 2708 pcw - ok
22:17:41.0045 2708 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
22:17:41.0045 2708 PEAUTH - ok
22:17:41.0155 2708 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
22:17:41.0155 2708 PGEffect - ok
22:17:41.0233 2708 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
22:17:41.0233 2708 PptpMiniport - ok
22:17:41.0326 2708 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
22:17:41.0326 2708 Processor - ok
22:17:41.0373 2708 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
22:17:41.0373 2708 Psched - ok
22:17:41.0482 2708 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
22:17:41.0513 2708 ql2300 - ok
22:17:41.0607 2708 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
22:17:41.0607 2708 ql40xx - ok
22:17:41.0638 2708 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
22:17:41.0638 2708 QWAVEdrv - ok
22:17:41.0638 2708 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
22:17:41.0638 2708 RasAcd - ok
22:17:41.0701 2708 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
22:17:41.0701 2708 RasAgileVpn - ok
22:17:41.0779 2708 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
22:17:41.0794 2708 Rasl2tp - ok
22:17:41.0872 2708 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
22:17:41.0872 2708 RasPppoe - ok
22:17:41.0935 2708 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
22:17:41.0935 2708 RasSstp - ok
22:17:41.0966 2708 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
22:17:41.0966 2708 rdbss - ok
22:17:42.0013 2708 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
22:17:42.0013 2708 rdpbus - ok
22:17:42.0075 2708 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
22:17:42.0075 2708 RDPCDD - ok
22:17:42.0153 2708 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
22:17:42.0153 2708 RDPENCDD - ok
22:17:42.0169 2708 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
22:17:42.0169 2708 RDPREFMP - ok
22:17:42.0200 2708 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
22:17:42.0200 2708 RDPWD - ok
22:17:42.0262 2708 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
22:17:42.0262 2708 rdyboost - ok
22:17:42.0371 2708 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\windows\system32\Drivers\RimUsb.sys
22:17:42.0371 2708 RimUsb - ok
22:17:42.0465 2708 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
22:17:42.0465 2708 rspndr - ok
22:17:42.0527 2708 RSUSBSTOR - ok
22:17:42.0590 2708 RTL8167 (6465166dd9b2f841dabad16abdadbe98) C:\windows\system32\DRIVERS\Rt86win7.sys
22:17:42.0590 2708 RTL8167 - ok
22:17:42.0683 2708 rtl8192se (fd0b1d3ce2e7debd0ae8456494d21488) C:\windows\system32\DRIVERS\rtl8192se.sys
22:17:42.0683 2708 rtl8192se - ok
22:17:42.0761 2708 RtsUIR - ok
22:17:42.0839 2708 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
22:17:42.0839 2708 sbp2port - ok
22:17:42.0886 2708 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
22:17:42.0886 2708 scfilter - ok
22:17:42.0995 2708 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
22:17:42.0995 2708 secdrv - ok
22:17:43.0027 2708 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
22:17:43.0027 2708 Serenum - ok
22:17:43.0136 2708 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
22:17:43.0151 2708 Serial - ok
22:17:43.0183 2708 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
22:17:43.0183 2708 sermouse - ok
22:17:43.0292 2708 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
22:17:43.0292 2708 sffdisk - ok
22:17:43.0323 2708 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
22:17:43.0323 2708 sffp_mmc - ok
22:17:43.0339 2708 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
22:17:43.0339 2708 sffp_sd - ok
22:17:43.0370 2708 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
22:17:43.0370 2708 sfloppy - ok
22:17:43.0385 2708 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
22:17:43.0385 2708 sisagp - ok
22:17:43.0479 2708 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
22:17:43.0495 2708 SiSRaid2 - ok
22:17:43.0510 2708 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
22:17:43.0510 2708 SiSRaid4 - ok
22:17:43.0619 2708 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
22:17:43.0635 2708 Smb - ok
22:17:43.0682 2708 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
22:17:43.0682 2708 spldr - ok
22:17:43.0900 2708 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS
22:17:43.0900 2708 SRTSP - ok
22:17:43.0931 2708 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS
22:17:43.0931 2708 SRTSPX - ok
22:17:43.0994 2708 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
22:17:43.0994 2708 srv - ok
22:17:44.0072 2708 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
22:17:44.0072 2708 srv2 - ok
22:17:44.0103 2708 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
22:17:44.0103 2708 srvnet - ok
22:17:44.0150 2708 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
22:17:44.0150 2708 stexstor - ok
22:17:44.0259 2708 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
22:17:44.0259 2708 swenum - ok
22:17:44.0493 2708 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\windows\system32\drivers\NIS\1008030.006\SYMEFA.SYS
22:17:44.0493 2708 SymEFA - ok
22:17:44.0602 2708 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\windows\system32\Drivers\SYMEVENT.SYS
22:17:44.0618 2708 SymEvent - ok
22:17:44.0711 2708 SYMFW - ok
22:17:44.0805 2708 SymIM (34f1c9d5dcc19df1e824d6b73767b8af) C:\windows\system32\DRIVERS\SymIMv.sys
22:17:44.0805 2708 SymIM - ok
22:17:44.0836 2708 SYMNDISV - ok
22:17:44.0961 2708 SYMTDI (26bc80ec79d7ba478249c266cbdf17b4) C:\windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS
22:17:44.0961 2708 SYMTDI - ok
22:17:45.0070 2708 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
22:17:45.0070 2708 SynTP - ok
22:17:45.0257 2708 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\windows\system32\drivers\tcpip.sys
22:17:45.0273 2708 Tcpip - ok
22:17:45.0413 2708 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\windows\system32\DRIVERS\tcpip.sys
22:17:45.0429 2708 TCPIP6 - ok
22:17:45.0554 2708 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
22:17:45.0554 2708 tcpipreg - ok
22:17:45.0601 2708 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
22:17:45.0601 2708 tdcmdpst - ok
22:17:45.0694 2708 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
22:17:45.0694 2708 TDPIPE - ok
22:17:45.0694 2708 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
22:17:45.0710 2708 TDTCP - ok
22:17:45.0725 2708 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
22:17:45.0725 2708 tdx - ok
22:17:45.0741 2708 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
22:17:45.0741 2708 TermDD - ok
22:17:45.0913 2708 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
22:17:45.0928 2708 tos_sps32 - ok
22:17:45.0991 2708 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
22:17:45.0991 2708 tssecsrv - ok
22:17:46.0100 2708 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
22:17:46.0100 2708 tunnel - ok
22:17:46.0147 2708 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
22:17:46.0147 2708 TVALZ - ok
22:17:46.0209 2708 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
22:17:46.0209 2708 TVALZFL - ok
22:17:46.0256 2708 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
22:17:46.0256 2708 uagp35 - ok
22:17:46.0303 2708 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
22:17:46.0303 2708 udfs - ok
22:17:46.0396 2708 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
22:17:46.0396 2708 uliagpkx - ok
22:17:46.0427 2708 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
22:17:46.0427 2708 umbus - ok
22:17:46.0490 2708 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
22:17:46.0490 2708 UmPass - ok
22:17:46.0583 2708 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\windows\system32\Drivers\usbaapl.sys
22:17:46.0583 2708 USBAAPL - ok
22:17:46.0661 2708 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\DRIVERS\usbccgp.sys
22:17:46.0661 2708 usbccgp - ok
22:17:46.0693 2708 USBCCID - ok
22:17:46.0771 2708 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
22:17:46.0771 2708 usbcir - ok
22:17:46.0849 2708 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\DRIVERS\usbehci.sys
22:17:46.0849 2708 usbehci - ok
22:17:46.0958 2708 usbhub (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
22:17:46.0958 2708 usbhub - ok
22:17:47.0020 2708 usbohci (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys
22:17:47.0020 2708 usbohci - ok
22:17:47.0067 2708 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
22:17:47.0083 2708 usbprint - ok
22:17:47.0176 2708 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:17:47.0176 2708 USBSTOR - ok
22:17:47.0254 2708 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\DRIVERS\usbuhci.sys
22:17:47.0254 2708 usbuhci - ok
22:17:47.0363 2708 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
22:17:47.0363 2708 usbvideo - ok
22:17:47.0426 2708 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
22:17:47.0426 2708 vdrvroot - ok
22:17:47.0504 2708 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
22:17:47.0504 2708 vga - ok
22:17:47.0535 2708 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
22:17:47.0535 2708 VgaSave - ok
22:17:47.0551 2708 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
22:17:47.0551 2708 vhdmp - ok
22:17:47.0613 2708 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
22:17:47.0613 2708 viaagp - ok
22:17:47.0675 2708 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
22:17:47.0675 2708 ViaC7 - ok
22:17:47.0722 2708 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
22:17:47.0722 2708 viaide - ok
22:17:47.0769 2708 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
22:17:47.0769 2708 volmgr - ok
22:17:47.0816 2708 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
22:17:47.0831 2708 volmgrx - ok
22:17:47.0863 2708 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
22:17:47.0878 2708 volsnap - ok
22:17:47.0972 2708 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
22:17:47.0972 2708 vsmraid - ok
22:17:48.0034 2708 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
22:17:48.0034 2708 vwifibus - ok
22:17:48.0128 2708 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
22:17:48.0128 2708 vwififlt - ok
22:17:48.0190 2708 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
22:17:48.0190 2708 WacomPen - ok
22:17:48.0221 2708 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
22:17:48.0221 2708 WANARP - ok
22:17:48.0237 2708 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
22:17:48.0237 2708 Wanarpv6 - ok
22:17:48.0362 2708 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
22:17:48.0362 2708 Wd - ok
22:17:48.0440 2708 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
22:17:48.0440 2708 Wdf01000 - ok
22:17:48.0565 2708 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
22:17:48.0565 2708 WfpLwf - ok
22:17:48.0611 2708 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
22:17:48.0611 2708 WIMMount - ok
22:17:48.0752 2708 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
22:17:48.0767 2708 WinUsb - ok
22:17:48.0814 2708 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
22:17:48.0814 2708 WmiAcpi - ok
22:17:48.0923 2708 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
22:17:48.0939 2708 ws2ifsl - ok
22:17:48.0986 2708 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
22:17:48.0986 2708 WudfPf - ok
22:17:49.0017 2708 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
22:17:49.0017 2708 WUDFRd - ok
22:17:49.0064 2708 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:17:49.0079 2708 \Device\Harddisk0\DR0 - ok
22:17:49.0095 2708 Boot (0x1200) (77b4b0281b72f18128feca08e1e30d8d) \Device\Harddisk0\DR0\Partition0
22:17:49.0095 2708 \Device\Harddisk0\DR0\Partition0 - ok
22:17:49.0111 2708 ============================================================
22:17:49.0111 2708 Scan finished
22:17:49.0111 2708 ============================================================
22:17:49.0126 3484 Detected object count: 0
22:17:49.0126 3484 Actual detected object count: 0

reply to mathaggie98
Thanks...

First:
The MBAM log shows a few items not selected for removal. It's not serious, but I would like to get them removed.

Run MBAM again, remove all it finds, and post the new log in this thread.

Second:
Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum