
Lingering infection?



Greetings,

I had a malware infection several weeks ago that I thought I had removed, but I have not been able to get Windows Defender working properly since the infection. I received a 0x80070424 error every time I start Windows Defender. In addition, when I ran a full system scan with AntiVir I received 4 warnings and I was unable to save the log file by clicking the "save" dialog button. Clicking the save button prompted an error message stating that I did not have administrator privileges. I was able to save the log file by creating a randomly named .txt file on my desktop and copy-pasting the contents of the log file.

Here are my logs from MBAM, AntiVir, and DDS, as well as a .zip with ark.txt and Attach.txt

-----------------------------------------------------------

mbam-log-2011-08-10 (15-20-26)

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7429

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

8/10/2011 3:20:26 PM

mbam-log-2011-08-10 (15-20-26).txt

Scan type: Quick scan

Objects scanned: 206630

Time elapsed: 6 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

----------------------------

AVSCAN-20110810-152652-D720115C9.txt

Avira AntiVir Personal

Report file date: Wednesday, August 10, 2011 15:27

Scanning for 3357946 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista 64 Bit

Windows version : (Service Pack 1) [6.1.7601]

Boot mode : Normally booted

Username : SYSTEM

Computer name : ERIC-LAPTOP

Version information:

BUILD.DAT : 9.0.0.429 21701 Bytes 10/6/2010 10:04:00

AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 18:26:33

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 17:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 18:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 17:58:52

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:35:52

VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 14:09:14

VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 16:55:06

VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 16:46:33

VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 21:58:39

VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 05:13:28

VBASE006.VDF : 7.11.10.252 2048 Bytes 7/7/2011 05:13:28

VBASE007.VDF : 7.11.10.253 2048 Bytes 7/7/2011 05:13:28

VBASE008.VDF : 7.11.10.254 2048 Bytes 7/7/2011 05:13:29

VBASE009.VDF : 7.11.10.255 2048 Bytes 7/7/2011 05:13:29

VBASE010.VDF : 7.11.11.0 2048 Bytes 7/7/2011 05:13:29

VBASE011.VDF : 7.11.11.1 2048 Bytes 7/7/2011 05:13:29

VBASE012.VDF : 7.11.11.2 2048 Bytes 7/7/2011 05:13:30

VBASE013.VDF : 7.11.11.75 688128 Bytes 7/12/2011 05:13:30

VBASE014.VDF : 7.11.11.104 978944 Bytes 7/13/2011 01:53:09

VBASE015.VDF : 7.11.11.137 655360 Bytes 7/14/2011 01:53:12

VBASE016.VDF : 7.11.11.184 699392 Bytes 7/18/2011 01:53:16

VBASE017.VDF : 7.11.11.214 414208 Bytes 7/19/2011 01:53:18

VBASE018.VDF : 7.11.11.242 772096 Bytes 7/20/2011 01:53:21

VBASE019.VDF : 7.11.12.3 1291776 Bytes 7/20/2011 01:53:27

VBASE020.VDF : 7.11.12.30 844288 Bytes 7/21/2011 22:34:43

VBASE021.VDF : 7.11.12.67 149504 Bytes 7/24/2011 22:34:44

VBASE022.VDF : 7.11.12.93 195072 Bytes 7/25/2011 22:34:45

VBASE023.VDF : 7.11.12.113 150528 Bytes 7/26/2011 22:34:46

VBASE024.VDF : 7.11.12.152 182784 Bytes 7/28/2011 22:34:49

VBASE025.VDF : 7.11.12.181 117760 Bytes 8/1/2011 05:33:18

VBASE026.VDF : 7.11.12.205 148480 Bytes 8/3/2011 05:33:20

VBASE027.VDF : 7.11.12.229 252928 Bytes 8/5/2011 15:39:44

VBASE028.VDF : 7.11.12.243 134656 Bytes 8/8/2011 21:26:11

VBASE029.VDF : 7.11.12.244 2048 Bytes 8/8/2011 21:26:11

VBASE030.VDF : 7.11.12.245 2048 Bytes 8/8/2011 21:26:11

VBASE031.VDF : 7.11.13.12 155648 Bytes 8/10/2011 21:26:13

Engineversion : 8.2.6.28

AEVDF.DLL : 8.1.2.1 106868 Bytes 7/31/2010 04:38:58

AESCRIPT.DLL : 8.1.3.74 1622393 Bytes 8/7/2011 15:40:33

AESCN.DLL : 8.1.7.2 127349 Bytes 11/30/2010 03:06:46

AESBX.DLL : 8.2.1.34 323957 Bytes 6/5/2011 21:59:42

AERDL.DLL : 8.1.9.13 639349 Bytes 7/21/2011 01:53:51

AEPACK.DLL : 8.2.9.5 676214 Bytes 7/21/2011 01:53:49

AEOFFICE.DLL : 8.1.2.13 201083 Bytes 7/28/2011 22:35:08

AEHEUR.DLL : 8.1.2.151 3584374 Bytes 8/7/2011 15:40:22

AEHELP.DLL : 8.1.17.7 254327 Bytes 7/28/2011 22:34:52

AEGEN.DLL : 8.1.5.7 401778 Bytes 8/7/2011 15:39:58

AEEMU.DLL : 8.1.3.0 393589 Bytes 11/30/2010 03:06:22

AECORE.DLL : 8.1.22.4 196983 Bytes 7/21/2011 01:53:32

AEBB.DLL : 8.1.1.0 53618 Bytes 4/23/2010 16:30:57

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 15:47:59

AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 22:14:02

AVREP.DLL : 10.0.0.9 174120 Bytes 3/6/2011 19:01:28

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 17:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 22:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 17:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 22:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 15:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 17:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 22:39:58

RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 19:25:47

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files (x86)\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: quarantine

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Wednesday, August 10, 2011 15:27

Starting search for hidden objects.

The driver could not be initialized.

The scan of running processes will be started

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'googletalkplugin.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'VSSVC.exe' - '0' Module(s) have been scanned

Scan process 'mbam.exe' - '1' Module(s) have been scanned

Scan process 'plugin-container.exe' - '1' Module(s) have been scanned

Scan process 'TosSENotify.exe' - '0' Module(s) have been scanned

Scan process 'TPCHWMsg.exe' - '0' Module(s) have been scanned

Scan process 'TosSmartSrv.exe' - '0' Module(s) have been scanned

Scan process 'TPCHSrv.exe' - '0' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'TMachInfo.exe' - '0' Module(s) have been scanned

Scan process 'FsynSrvStarter.exe' - '1' Module(s) have been scanned

Scan process 'HTCVBTServer.exe' - '1' Module(s) have been scanned

Scan process 'CFSwMgr.exe' - '1' Module(s) have been scanned

Scan process 'epmworker.exe' - '1' Module(s) have been scanned

Scan process 'ClientInitiatedStarter.exe' - '1' Module(s) have been scanned

Scan process 'Generic.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '0' Module(s) have been scanned

Scan process 'dllhost.exe' - '0' Module(s) have been scanned

Scan process 'logger.exe' - '1' Module(s) have been scanned

Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned

Scan process 'CarboniteUI.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned

Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'ToshibaServiceStation.exe' - '0' Module(s) have been scanned

Scan process 'NDSTray.exe' - '1' Module(s) have been scanned

Scan process 'CFProcSRVC.exe' - '1' Module(s) have been scanned

Scan process 'CFIWmxSvcs64.exe' - '0' Module(s) have been scanned

Scan process 'taskeng.exe' - '0' Module(s) have been scanned

Scan process 'KHALMNPR.exe' - '0' Module(s) have been scanned

Scan process 'SetPoint32.exe' - '1' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'SetPoint.exe' - '0' Module(s) have been scanned

Scan process 'igfxext.exe' - '0' Module(s) have been scanned

Scan process 'SynTPHelper.exe' - '0' Module(s) have been scanned

Scan process 'Teco.exe' - '0' Module(s) have been scanned

Scan process 'TCrdMain.exe' - '0' Module(s) have been scanned

Scan process 'TSVNCache.exe' - '0' Module(s) have been scanned

Scan process 'SmoothView.exe' - '0' Module(s) have been scanned

Scan process 'TPwrMain.exe' - '0' Module(s) have been scanned

Scan process 'ThpSrv.exe' - '0' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '0' Module(s) have been scanned

Scan process 'RAVCpl64.exe' - '0' Module(s) have been scanned

Scan process 'igfxpers.exe' - '0' Module(s) have been scanned

Scan process 'hkcmd.exe' - '0' Module(s) have been scanned

Scan process 'igfxsrvc.exe' - '0' Module(s) have been scanned

Scan process 'igfxtray.exe' - '0' Module(s) have been scanned

Scan process 'explorer.exe' - '0' Module(s) have been scanned

Scan process 'dwm.exe' - '0' Module(s) have been scanned

Scan process 'taskhost.exe' - '0' Module(s) have been scanned

Scan process 'mscorsvw.exe' - '0' Module(s) have been scanned

Scan process 'mscorsvw.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'WLIDSVCM.EXE' - '0' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned

Scan process 'WLIDSVC.EXE' - '0' Module(s) have been scanned

Scan process 'TecoService.exe' - '0' Module(s) have been scanned

Scan process 'TosCoSrv.exe' - '0' Module(s) have been scanned

Scan process 'TODDSrv.exe' - '0' Module(s) have been scanned

Scan process 'ThpSrv.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'SeaPort.exe' - '1' Module(s) have been scanned

Scan process 'CarboniteService.exe' - '0' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'spoolsv.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'lsm.exe' - '0' Module(s) have been scanned

Scan process 'lsass.exe' - '0' Module(s) have been scanned

Scan process 'winlogon.exe' - '0' Module(s) have been scanned

Scan process 'services.exe' - '0' Module(s) have been scanned

Scan process 'csrss.exe' - '0' Module(s) have been scanned

Scan process 'wininit.exe' - '0' Module(s) have been scanned

Scan process 'csrss.exe' - '0' Module(s) have been scanned

Scan process 'smss.exe' - '0' Module(s) have been scanned

28 processes with 28 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '29' files ).

Starting the file scan:

Begin scan in 'C:\' <TI102782W0E>

C:\hiberfil.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6NILA1R\IE9-win7[1].msu

[0] Archive type: CAB (Microsoft)

--> Windows6.1-KB982861-x64.cab

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

End of the scan: Wednesday, August 10, 2011 18:35

Used time: 3:07:59 Hour(s)

The scan has been done completely.

63010 Scanned directories

1256798 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

2 Files cannot be scanned

1256796 Files not concerned

10017 Archives were scanned

4 Warnings

2 Notes

----------------------------------

DDS.txt

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Eric at 19:52:17 on 2011-08-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2098 [GMT -6:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\ThpSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\ThpSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\system32\igfxext.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe

C:\windows\system32\DllHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe

C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe

C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe

C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\system32\vssvc.exe

C:\windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

uRun: [Google Update] "C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [googletalk] C:\Users\Eric\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{C877E47E-AB5B-48FA-A10F-E09920502C8B} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{C877E47E-AB5B-48FA-A10F-E09920502C8B}\2375942554238363 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{C877E47E-AB5B-48FA-A10F-E09920502C8B}\2375942554834303 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{C877E47E-AB5B-48FA-A10F-E09920502C8B}\255637964656E636560294E6E6 : DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.220.220

TCP: Interfaces\{C877E47E-AB5B-48FA-A10F-E09920502C8B}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 192.168.1.254

TCP: Interfaces\{C877E47E-AB5B-48FA-A10F-E09920502C8B}\451686F656 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{C877E47E-AB5B-48FA-A10F-E09920502C8B}\74C6F62616C6355796475675962756C6563737 : DhcpNameServer = 4.2.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\vcowo715.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Users\Eric\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll

FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\vcowo715.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Eric\AppData\Roaming\Move Networks

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

.

============= SERVICES / DRIVERS ===============

.

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-12-7 108289]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-12-7 185089]

R2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]

R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?]

R2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?]

R2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys --> C:\windows\system32\drivers\IntcHdmi.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-11-17 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-9-17 137560]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys --> C:\windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\windows\system32\DRIVERS\S3XXx64.sys --> C:\windows\system32\DRIVERS\S3XXx64.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-08-10 15:34:14 338432 ----a-w- C:\windows\System32\conhost.exe

2011-08-10 15:33:59 1923968 ----a-w- C:\windows\System32\drivers\tcpip.sys

2011-07-21 02:17:23 342528 ----a-w- C:\windows\System32\MCSCM.dll

2011-07-21 02:17:20 -------- d-----w- C:\Program Files (x86)\SCM Microsystems

2011-07-13 00:38:40 552960 ----a-w- C:\windows\System32\drivers\bthport.sys

2011-07-13 00:38:39 80384 ----a-w- C:\windows\System32\drivers\BTHUSB.SYS

2011-07-13 00:38:33 3137536 ----a-w- C:\windows\System32\win32k.sys

.

==================== Find3M ====================

.

2011-07-22 05:22:26 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2011-07-22 04:54:18 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-07-16 05:41:50 362496 ----a-w- C:\windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:46:28 288768 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys

2011-07-07 00:52:42 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-07 00:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-06-24 05:34:53 214528 ----a-w- C:\windows\System32\winsrv.dll

2011-06-23 05:43:12 5561216 ----a-w- C:\windows\System32\ntoskrnl.exe

2011-06-23 04:33:57 3967872 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2011-06-21 06:20:53 1188864 ----a-w- C:\windows\System32\wininet.dll

2011-06-21 05:28:33 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2011-06-16 12:54:06 69888 ----a-w- C:\windows\System32\drivers\S3XXx64.sys

2011-06-15 10:02:23 212992 ----a-w- C:\windows\System32\odbctrac.dll

2011-06-15 10:02:23 163840 ----a-w- C:\windows\System32\odbccp32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\windows\System32\odbccu32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\windows\System32\odbccr32.dll

2011-06-15 08:55:19 86016 ----a-w- C:\windows\SysWow64\odbccu32.dll

2011-06-15 08:55:19 81920 ----a-w- C:\windows\SysWow64\odbccr32.dll

2011-06-15 08:55:19 319488 ----a-w- C:\windows\SysWow64\odbcjt32.dll

2011-06-15 08:55:19 163840 ----a-w- C:\windows\SysWow64\odbctrac.dll

2011-06-15 08:55:19 122880 ----a-w- C:\windows\SysWow64\odbccp32.dll

2011-05-24 11:42:55 404480 ----a-w- C:\windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\windows\SysWow64\drvinst.exe

.

============= FINISH: 19:53:53.44 ===============

ark.zip


I created a new administrator account and once again I could not save a copy of the AntiVir log file anywhere. The error message states:

"C:\windows\system32\config\systemprofile\Desktop is not accessible.

Access is denied."

A second error message pops up when I hit the save button:

"C:\windows\system32\config\systemprofile\Desktop\AVSCAN-20110816-135315-D1D8200C.LOG

You don't have permission to save in this location.

Contact the administrator to obtain permission.

Would you like to save in the [username] folder instead?"

It will then let me save the log in my user folder.


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 2 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
