Trojan.BHO.H Virus

[hijklmnop]

I have downloaded and run the Malware Bytes Anti-Malware and have removed 3 of the 4 trojan viruses that came from a scam called Microsoft Thinkpoint.

However, I have a pesky one that will not come off the computer and every time I run the Malware Bytes program, it shows up immediately. I then remove it and the program asks me if I want to re-start the computer. So, I select to restart the computer and the virus comes right back the next time I run Malware Bytes progam.

The file name that keeps coming up is: C\Users\Amy\AppData\Local\Temp\low\COUPON~1.DLL. I have seen other threads on this Forum where people have been able to get this pesky virus removed, but some say, "If you are a casual viewer, DO NOT, try this on your computer".

PLEASE HELP!!

[RPMcMurphy]

Hello and welcome to Malwarebytes. Please follow these guidelines while we work on your PC:

[*]Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I

[hijklmnop]

Per your request, here's the info...(thank you so much for helping me!)

DDS (Ver_10-10-21.02) - NTFS_AMD64

Run by Amy at 11:21:04.95 on Wed 10/27/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1341 [GMT -4:00]

============== Running Processes ===============

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\system32\igfxext.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\windows\system32\DllHost.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\windows\splwow64.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\Users\Amy\Desktop\dds.scr

C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA

uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - C:\Users\Amy\AppData\Local\Temp\low\COUPON~1.DLL

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll

TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - C:\Users\Amy\AppData\Local\Temp\low\CouponsBar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File

mRun-x64: [(Default)]

mRun-x64: [igfxTray] C:\windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe

mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun-x64: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-4-15 482384]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-10-26 121936]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-10-26 20048]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-10-26 61008]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-26 40384]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]

R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2010-4-15 126392]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]

R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-26 40384]

R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-26 40384]

R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-4-15 9216]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-5 291328]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-26 1103904]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-15 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-16 135664]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-26 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-19 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2010-10-27 11:51:34 -------- d-----w- C:\Program Files (x86)\CCleaner

2010-10-26 23:50:22 61008 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2010-10-26 23:50:10 38848 ----a-w- C:\windows\avastSS.scr

2010-10-26 23:50:07 -------- d-----w- C:\PROGRA~3\Alwil Software

2010-10-26 15:14:22 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{2E1D0006-8B33-4981-9605-39F6B647C6DA}\mpengine.dll

2010-10-26 15:13:05 -------- d-----w- C:\Users\Amy\AppData\Roaming\Malwarebytes

2010-10-26 15:12:56 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys

2010-10-26 15:12:55 24664 ----a-w- C:\windows\System32\drivers\mbam.sys

2010-10-26 15:12:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-10-26 15:12:55 -------- d-----w- C:\PROGRA~3\Malwarebytes

2010-10-26 12:11:25 -------- d-----w- C:\windows\en

2010-10-26 12:09:21 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys

2010-10-26 12:08:16 -------- d-----w- C:\Program Files (x86)\MSN Toolbar

2010-10-26 12:08:07 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer

2010-10-26 12:08:03 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll

2010-10-26 12:08:03 523088 ----a-w- C:\windows\System32\d3dx10_42.dll

2010-10-26 12:08:03 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll

2010-10-26 12:08:03 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll

2010-10-26 11:23:25 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3344c8221cb75002e\InstallManager_WLE_WLE.exe

2010-10-26 11:22:59 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2504cdeb1cb750022\MeshBetaRemover.exe

2010-10-26 11:22:39 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\18173a6d1cb75001a\DSETUP.dll

2010-10-26 11:22:39 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\18173a6d1cb75001a\DXSETUP.exe

2010-10-26 11:22:39 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\18173a6d1cb75001a\dsetup32.dll

2010-10-26 11:22:36 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\175ff0781cb750019\DSETUP.dll

2010-10-26 11:22:36 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\175ff0781cb750019\DXSETUP.exe

2010-10-26 11:22:36 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\175ff0781cb750019\dsetup32.dll

2010-10-26 11:21:53 -------- d-----w- C:\Users\Amy\AppData\Local\Windows Live

2010-10-26 11:21:25 257024 ----a-w- C:\windows\System32\mfreadwrite.dll

2010-10-26 11:21:25 206848 ----a-w- C:\windows\System32\mfps.dll

2010-10-26 11:21:25 196608 ----a-w- C:\windows\SysWow64\mfreadwrite.dll

2010-10-26 11:21:25 1619456 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL

2010-10-26 11:21:24 4068864 ----a-w- C:\windows\System32\mf.dll

2010-10-26 11:21:24 3181568 ----a-w- C:\windows\SysWow64\mf.dll

2010-10-26 11:21:24 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL

2010-10-26 11:21:18 14336 ----a-w- C:\windows\System32\drivers\sffp_sd.sys

2010-10-05 18:47:49 -------- d-----w- C:\Program Files (x86)\Picaboo X

2010-09-29 12:11:29 184832 ----a-w- C:\windows\System32\drivers\usbvideo.sys

2010-09-29 12:11:28 243712 ----a-w- C:\windows\System32\drivers\ks.sys

2010-09-28 19:56:21 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2010-09-28 19:56:21 2048 ----a-w- C:\windows\System32\tzres.dll

2010-09-28 19:56:16 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-09-28 19:56:16 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

==================== Find3M ====================

2010-10-19 15:41:44 270720 ------w- C:\windows\System32\MpSigStub.exe

2010-09-23 04:47:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll

2010-09-23 04:32:56 301936 ----a-w- C:\windows\WLXPGSS.SCR

2010-09-21 18:49:02 252800 ----a-w- C:\windows\System32\LIVESSP.DLL

2010-09-21 18:03:14 208768 ----a-w- C:\windows\SysWow64\LIVESSP.DLL

2010-09-08 05:36:17 1192960 ----a-w- C:\windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2010-09-01 05:12:09 12625920 ----a-w- C:\windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL

2010-09-01 02:58:34 3123712 ----a-w- C:\windows\System32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- C:\windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\windows\SysWow64\mfc40u.dll

2010-08-27 06:14:02 236032 ----a-w- C:\windows\System32\srvsvc.dll

2010-08-27 05:46:48 9728 ----a-w- C:\windows\SysWow64\sscore.dll

2010-08-27 03:38:04 463360 ----a-w- C:\windows\System32\drivers\srv.sys

2010-08-27 03:37:48 402944 ----a-w- C:\windows\System32\drivers\srv2.sys

2010-08-27 03:37:26 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys

2010-08-26 05:27:28 148992 ----a-w- C:\windows\System32\t2embed.dll

2010-08-26 04:39:58 109056 ----a-w- C:\windows\SysWow64\t2embed.dll

2010-08-21 06:38:47 1024512 ----a-w- C:\windows\System32\wmpmde.dll

2010-08-21 06:36:49 340992 ----a-w- C:\windows\System32\schannel.dll

2010-08-21 06:31:06 633856 ----a-w- C:\windows\System32\comctl32.dll

2010-08-21 06:29:47 558592 ----a-w- C:\windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\windows\SysWow64\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- C:\windows\SysWow64\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- C:\windows\SysWow64\comctl32.dll

============= FINISH: 11:21:45.19 ===============

Attach.txt

[hijklmnop]

When I tried to run the RK Unhooker LE after saving it to my desktop, it gave me the Error Message: "Error Loading Driver, NSTATUS code: 0xC000036B.

Not sure what to make of that??

[RPMcMurphy]

I see now that you have a 64 bit OS. That will require a different approach; please disregard Rootkit Unhooker and run this for me:

Download OTL to your desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  
• Please copy (Edit->Select All, Edit->Copy) the contents of OTL.txt into your next post.
  

[hijklmnop]

Here you go. Do you need me to attach the other file that was created?

OTL logfile created on: 10/27/2010 11:57:59 AM - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Amy\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 287.55 Gb Total Space | 246.60 Gb Free Space | 85.76% Space Free | Partition Type: NTFS

Computer Name: AMY-PC | User Name: Amy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/27 11:56:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe

PRC - [2010/10/24 11:32:26 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2010/10/11 07:45:34 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe

PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/04/15 22:11:17 | 000,729,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe

PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/11/12 22:35:14 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

PRC - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe

PRC - [2009/07/13 18:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe

PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe

========== Modules (SafeList) ==========

MOD - [2010/10/27 11:56:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe

MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2009/08/11 19:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2009/08/05 17:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/08/04 14:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2009/08/03 22:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/07/28 19:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/08/27 14:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)

SRV - [2009/08/17 13:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2009/08/10 22:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2009/11/05 14:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/08/29 20:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2009/08/29 20:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2009/08/27 11:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/24 18:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2009/07/20 20:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/08/29 05:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS -- (NAVEX15)

DRV - [2009/08/29 05:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS -- (NAVENG)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSNA&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\

FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Amy\AppData\Local\Temp\low\COUPON~1.DLL File not found

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Amy\AppData\Local\Temp\low\CouponsBar.dll File not found

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Amy\AppData\Local\Temp\low\CouponsBar.dll File not found

O4:64bit: - HKLM..\Run: [] File not found

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{31f49678-7b0d-11df-8ea0-00266c6afc62}\Shell - "" = AutoRun

O33 - MountPoints2\{31f49678-7b0d-11df-8ea0-00266c6afc62}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/27 11:56:07 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe

[2010/10/27 07:51:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner

[2010/10/26 19:50:26 | 000,121,936 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys

[2010/10/26 19:50:26 | 000,020,048 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys

[2010/10/26 19:50:25 | 000,051,280 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys

[2010/10/26 19:50:25 | 000,028,752 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys

[2010/10/26 19:50:22 | 000,061,008 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys

[2010/10/26 19:50:10 | 000,167,592 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe

[2010/10/26 19:50:10 | 000,038,848 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr

[2010/10/26 19:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software

[2010/10/26 19:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/10/26 13:55:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2010/10/26 11:13:05 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Roaming\Malwarebytes

[2010/10/26 11:12:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys

[2010/10/26 11:12:55 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2010/10/26 11:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/10/26 11:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/10/26 08:11:25 | 000,000,000 | ---D | C] -- C:\windows\en

[2010/10/26 08:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/10/26 08:08:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar

[2010/10/26 08:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer

[2010/10/26 07:21:53 | 000,000,000 | ---D | C] -- C:\Users\Amy\AppData\Local\Windows Live

[2010/10/13 20:12:19 | 000,000,000 | ---D | C] -- C:\Users\Amy\Documents\Outlook Files

[2010/10/05 14:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Picaboo X

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/27 11:56:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Amy\Desktop\OTL.exe

[2010/10/27 11:42:31 | 000,034,560 | ---- | M] () -- C:\windows\SysWow64\drivers\Normandy.sys

[2010/10/27 11:17:24 | 000,545,280 | ---- | M] () -- C:\Users\Amy\Desktop\dds.scr

[2010/10/27 11:06:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/10/27 10:41:59 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/27 10:41:59 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/27 08:07:52 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/10/27 08:05:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2010/10/27 08:05:38 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/27 07:51:35 | 000,001,018 | ---- | M] () -- C:\Users\Amy\Desktop\CCleaner.lnk

[2010/10/26 21:47:47 | 000,016,949 | ---- | M] () -- C:\Users\Amy\Desktop\Chris Phillips Cover Letter.docx

[2010/10/26 21:43:45 | 000,049,152 | ---- | M] () -- C:\Users\Amy\Desktop\Chris Phillips Resume.doc

[2010/10/26 19:50:26 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2010/10/26 19:50:22 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt

[2010/10/26 13:55:59 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/10/26 11:12:59 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/26 08:32:32 | 000,000,006 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\completescan

[2010/10/26 08:27:28 | 000,000,010 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\install

[2010/10/26 08:25:43 | 000,000,142 | ---- | M] () -- C:\Users\Amy\Desktop\jkhkj.bat

[2010/10/24 15:26:51 | 000,015,870 | ---- | M] () -- C:\Users\Amy\Desktop\Cover Letter In Body of E-Mail.docx

[2010/10/22 12:55:25 | 000,014,453 | ---- | M] () -- C:\Users\Amy\Documents\Ideas for Christmas Gifts.docx

[2010/10/15 08:23:51 | 000,424,808 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2010/10/15 07:41:27 | 000,740,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2010/10/15 07:41:27 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2010/10/15 07:41:27 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2010/10/14 08:32:44 | 000,015,786 | ---- | M] () -- C:\Users\Amy\Desktop\Cover Letter In Body of E-Mail Template.docx

[2010/10/13 20:12:51 | 000,003,083 | ---- | M] () -- C:\Users\Amy\Desktop\Travis Flenniken.vcf

[2010/10/13 14:26:16 | 000,038,400 | ---- | M] () -- C:\Users\Amy\Documents\BudgetSpreadsheetFall2010(1).xls

[2010/10/07 18:46:19 | 000,090,112 | ---- | M] () -- C:\Users\Amy\Desktop\Chris_Phillips_Resume.doc

[2010/10/07 18:46:04 | 000,011,033 | ---- | M] () -- C:\Users\Amy\Desktop\AIMS_Essay.docx

[2010/10/05 14:47:50 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\Picaboo X.lnk

[2010/10/04 09:57:50 | 000,047,104 | ---- | M] () -- C:\Users\Amy\Desktop\Christopher J. Phillips Resume.doc

[2010/10/04 09:52:37 | 000,047,104 | ---- | M] () -- C:\Users\Amy\Desktop\Chris J. Phillips Resume.doc

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/27 11:31:52 | 000,034,560 | ---- | C] () -- C:\windows\SysWow64\drivers\Normandy.sys

[2010/10/27 11:17:14 | 000,545,280 | ---- | C] () -- C:\Users\Amy\Desktop\dds.scr

[2010/10/27 07:51:35 | 000,001,018 | ---- | C] () -- C:\Users\Amy\Desktop\CCleaner.lnk

[2010/10/26 19:50:26 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2010/10/26 19:50:22 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt

[2010/10/26 13:55:59 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/10/26 12:00:29 | 000,001,290 | ---- | C] () -- C:\Users\Amy\Desktop\dfrgui.lnk

[2010/10/26 12:00:07 | 000,001,252 | ---- | C] () -- C:\Users\Amy\Desktop\Disk Cleanup.lnk

[2010/10/26 11:12:59 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/26 08:32:32 | 000,000,006 | ---- | C] () -- C:\Users\Amy\AppData\Roaming\completescan

[2010/10/26 08:27:28 | 000,000,010 | ---- | C] () -- C:\Users\Amy\AppData\Roaming\install

[2010/10/26 08:25:43 | 000,000,142 | ---- | C] () -- C:\Users\Amy\Desktop\jkhkj.bat

[2010/10/15 16:32:56 | 000,014,453 | ---- | C] () -- C:\Users\Amy\Documents\Ideas for Christmas Gifts.docx

[2010/10/14 08:32:44 | 000,015,786 | ---- | C] () -- C:\Users\Amy\Desktop\Cover Letter In Body of E-Mail Template.docx

[2010/10/14 07:43:54 | 000,015,870 | ---- | C] () -- C:\Users\Amy\Desktop\Cover Letter In Body of E-Mail.docx

[2010/10/13 20:12:50 | 000,003,083 | ---- | C] () -- C:\Users\Amy\Desktop\Travis Flenniken.vcf

[2010/10/13 14:26:16 | 000,038,400 | ---- | C] () -- C:\Users\Amy\Documents\BudgetSpreadsheetFall2010(1).xls

[2010/10/07 18:46:17 | 000,090,112 | ---- | C] () -- C:\Users\Amy\Desktop\Chris_Phillips_Resume.doc

[2010/10/07 18:46:04 | 000,011,033 | ---- | C] () -- C:\Users\Amy\Desktop\AIMS_Essay.docx

[2010/10/06 20:19:37 | 000,016,949 | ---- | C] () -- C:\Users\Amy\Desktop\Chris Phillips Cover Letter.docx

[2010/10/05 14:47:50 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\Picaboo X.lnk

[2010/10/04 09:57:50 | 000,047,104 | ---- | C] () -- C:\Users\Amy\Desktop\Christopher J. Phillips Resume.doc

[2010/10/04 09:52:36 | 000,047,104 | ---- | C] () -- C:\Users\Amy\Desktop\Chris J. Phillips Resume.doc

[2010/10/02 09:18:15 | 000,049,152 | ---- | C] () -- C:\Users\Amy\Desktop\Chris Phillips Resume.doc

[2010/06/24 15:39:40 | 000,000,000 | ---- | C] () -- C:\Users\Amy\AppData\Roaming\wklnhst.dat

[2010/04/15 22:30:42 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/23 10:28:51 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1

[2010/06/27 22:16:30 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\E-centives

[2010/10/06 19:50:55 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\Toshiba

[2010/06/16 17:05:04 | 000,000,000 | ---D | M] -- C:\Users\Amy\AppData\Roaming\WinBatch

[2009/07/14 01:08:49 | 000,026,396 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

[RPMcMurphy]

Save that Extras.txt log, but I don't need it right now.

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  

  :OTL
  O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Amy\AppData\Local\Temp\low\COUPON~1.DLL File not found
  O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Amy\AppData\Local\Temp\low\CouponsBar.dll File not found
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Amy\AppData\Local\Temp\low\CouponsBar.dll File not found
  O4:64bit: - HKLM..\Run: [] File not found
  O33 - MountPoints2\{31f49678-7b0d-11df-8ea0-00266c6afc62}\Shell - "" = AutoRun
  O33 - MountPoints2\{31f49678-7b0d-11df-8ea0-00266c6afc62}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
  [2010/10/26 08:25:43 | 000,000,142 | ---- | M] () -- C:\Users\Amy\Desktop\jkhkj.bat
  [2010/10/26 08:32:32 | 000,000,006 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\completescan
  [2010/10/26 08:27:28 | 000,000,010 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\install
  :Commands
  [EmptyFlash]
  [EmptyTemp]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, it will reboot when it is done and produce a log
  

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

• Click the Update tab
  
• Click Check for Updates
  
• If an update is found, it will download and install the latest version.
  
• The program will close to update and reopen.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Please include the following in your next post:

• MBAM log
  
• OTL Fix log
  

[hijklmnop]

Here are the latest logs from OTL and MBAM: (Note: MBAM found no infected files so there was no removal)

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31f49678-7b0d-11df-8ea0-00266c6afc62}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31f49678-7b0d-11df-8ea0-00266c6afc62}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31f49678-7b0d-11df-8ea0-00266c6afc62}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31f49678-7b0d-11df-8ea0-00266c6afc62}\ not found.

File E:\LaunchU3.exe not found.

C:\Users\Amy\Desktop\jkhkj.bat moved successfully.

C:\Users\Amy\AppData\Roaming\completescan moved successfully.

C:\Users\Amy\AppData\Roaming\install moved successfully.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Amy

->Flash cache emptied: 59683 bytes

User: Default

->Flash cache emptied: 56504 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4966

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/27/2010 1:13:20 PM

mbam-log-2010-10-27 (13-13-20).txt

Scan type: Quick scan

Objects scanned: 140170

Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Save that Extras.txt log, but I don't need it right now.

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  

  :OTL
  O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Amy\AppData\Local\Temp\low\COUPON~1.DLL File not found
  O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Amy\AppData\Local\Temp\low\CouponsBar.dll File not found
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Amy\AppData\Local\Temp\low\CouponsBar.dll File not found
  O4:64bit: - HKLM..\Run: [] File not found
  O33 - MountPoints2\{31f49678-7b0d-11df-8ea0-00266c6afc62}\Shell - "" = AutoRun
  O33 - MountPoints2\{31f49678-7b0d-11df-8ea0-00266c6afc62}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
  [2010/10/26 08:25:43 | 000,000,142 | ---- | M] () -- C:\Users\Amy\Desktop\jkhkj.bat
  [2010/10/26 08:32:32 | 000,000,006 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\completescan
  [2010/10/26 08:27:28 | 000,000,010 | ---- | M] () -- C:\Users\Amy\AppData\Roaming\install
  :Commands
  [EmptyFlash]
  [EmptyTemp]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, it will reboot when it is done and produce a log
  

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

• Click the Update tab
  
• Click Check for Updates
  
• If an update is found, it will download and install the latest version.
  
• The program will close to update and reopen.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Please include the following in your next post:

• MBAM log
  
• OTL Fix log
  

[RPMcMurphy]

Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Java 6 Update 14 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

• On the General tab, under Temporary Internet Files, click the Settings button.
  
• Next, click on the Delete Files button
  
• There are two options in the window to clear the cache - Leave BOTH Checked
  
  • Applications and Applets
    
  • Trace and Log Files
    

  [*]Click OK on Delete Temporary Files Window

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

• Click OK to leave the Temporary Files Window
  
• Click OK to leave the Java Control Panel.
  

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
  
• Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
  

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

• Once the update is complete, click on Settings.
  
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • 
    
  • Spyware, adware, dialers, and other riskware
    
  • Archives
    
  • E-mail databases
    

  [*]Click on My Computer under the green Scan bar to the left to start the scan.

  [*]Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

  [*]Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

  [*]Click View report... at the bottom.

  [*] Click the Save report... button.

  [*] Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Please include the following in your next post:

• Kaspersky log
  

[hijklmnop]

I have disconnected AVAST but I cannot find microsoft essentials on the computer. How do I get to it or do I not have this? (MSE was where the initial warning came from).

[hijklmnop]

Per your request, here is the report run from the Kaspersky website...

KASPERSKY ONLINE SCANNER 7.0: scan report

Wednesday, October 27, 2010

Operating system: Microsoft (build 7600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Wednesday, October 27, 2010 14:50:57

Records in database: 4179029

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

Scan statistics:

Objects scanned: 112441

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 02:11:41

No threats found. Scanned area is clean.

Selected area has been scanned.

[RPMcMurphy]

Your logs are looking good. I don't think you ever had Microsoft Security Essentials (MSSE) installed - what you saw was the malware pretending to be MSSE. How is your computer running now?

[hijklmnop]

I can't believe it! Before, when I would run Malware Bytes and do either a quick scan or a full scan, within the first few seconds, that stupid Trojan.BHO.H virus would inevitably pop up. I am currently running the full scan using Malware Bytes and nothing popped up like it was doing previously. Somehow, that stupid virus got zapped out of our boot up process (not technical term I know). I'm going to let the full scan run just to make sure, but it looks promising as of now. I will respond back to you once the Full Scan is complete with the results. Thank you so much for your assistance! We greatly appreciate it!

[hijklmnop]

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4966

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/28/2010 8:23:01 AM

mbam-log-2010-10-28 (08-23-01).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 242857

Time elapsed: 1 hour(s), 22 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

THANK YOU SO VERY MUCH!!!! This is amazing! We appreciate all of your help!

[RPMcMurphy]

Looks good! All I have left for you to do is some very important cleanup:

Clean up with OTL:

• Double-click OTL.exe to start the program.
  
• Close all other programs apart from OTL as this step will require a reboot
  
• On the OTL main screen, press the CLEANUP button
  
• Say Yes to the prompt and then allow the program to reboot your computer.
  
• Manually delete any remaining logs or tools.
  

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

• Restart any anti-malware programs that we disabled while we were cleaning your machine.
  
• Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  
• Please visit our General Computer Security Forum and review this post for some helpful information.
  

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

[hijklmnop]

OTL clean up was run and everything looks good! Again, thanks for all of your help!

[RPMcMurphy]

You're very welcome. Take care.

[LDTate]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.